All the vulnerabilites related to netapp - element_software
cve-2017-10115
Vulnerability from cvelistv5
Published
2017-08-08 15:00
Modified
2024-10-04 19:02
Severity ?
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
References
https://access.redhat.com/errata/RHSA-2017:1791vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:1790vendor-advisory, x_refsource_REDHAT
https://security.netapp.com/advisory/ntap-20170720-0001/x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2017:1789vendor-advisory, x_refsource_REDHAT
https://cert.vde.com/en-us/advisories/vde-2017-002x_refsource_CONFIRM
http://www.securityfocus.com/bid/99774vdb-entry, x_refsource_BID
https://access.redhat.com/errata/RHSA-2017:2424vendor-advisory, x_refsource_REDHAT
http://www.securitytracker.com/id/1038931vdb-entry, x_refsource_SECTRACK
https://access.redhat.com/errata/RHSA-2017:1792vendor-advisory, x_refsource_REDHAT
https://security.gentoo.org/glsa/201709-22vendor-advisory, x_refsource_GENTOO
http://www.debian.org/security/2017/dsa-3919vendor-advisory, x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2017:2481vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:2530vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:3453vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:2469vendor-advisory, x_refsource_REDHAT
http://www.debian.org/security/2017/dsa-3954vendor-advisory, x_refsource_DEBIAN
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlx_refsource_CONFIRM
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T17:33:16.172Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2017:1791",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1791"
          },
          {
            "name": "RHSA-2017:1790",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1790"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
          },
          {
            "name": "RHSA-2017:1789",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1789"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert.vde.com/en-us/advisories/vde-2017-002"
          },
          {
            "name": "99774",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/99774"
          },
          {
            "name": "RHSA-2017:2424",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2424"
          },
          {
            "name": "1038931",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038931"
          },
          {
            "name": "RHSA-2017:1792",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1792"
          },
          {
            "name": "GLSA-201709-22",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201709-22"
          },
          {
            "name": "DSA-3919",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3919"
          },
          {
            "name": "RHSA-2017:2481",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2481"
          },
          {
            "name": "RHSA-2017:2530",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2530"
          },
          {
            "name": "RHSA-2017:3453",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3453"
          },
          {
            "name": "RHSA-2017:2469",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2469"
          },
          {
            "name": "DSA-3954",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3954"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2017-10115",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-04T15:36:48.371666Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-04T19:02:31.369Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 6u151"
            },
            {
              "status": "affected",
              "version": "7u141"
            },
            {
              "status": "affected",
              "version": "8u131; Java SE Embedded: 8u131; JRockit: R28.3.14"
            }
          ]
        }
      ],
      "datePublic": "2017-07-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit.  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-05-16T13:57:02",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "RHSA-2017:1791",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1791"
        },
        {
          "name": "RHSA-2017:1790",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1790"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
        },
        {
          "name": "RHSA-2017:1789",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1789"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert.vde.com/en-us/advisories/vde-2017-002"
        },
        {
          "name": "99774",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/99774"
        },
        {
          "name": "RHSA-2017:2424",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2424"
        },
        {
          "name": "1038931",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038931"
        },
        {
          "name": "RHSA-2017:1792",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1792"
        },
        {
          "name": "GLSA-201709-22",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201709-22"
        },
        {
          "name": "DSA-3919",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3919"
        },
        {
          "name": "RHSA-2017:2481",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2481"
        },
        {
          "name": "RHSA-2017:2530",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2530"
        },
        {
          "name": "RHSA-2017:3453",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3453"
        },
        {
          "name": "RHSA-2017:2469",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2469"
        },
        {
          "name": "DSA-3954",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3954"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2017-10115",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 6u151"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7u141"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8u131; Java SE Embedded: 8u131; JRockit: R28.3.14"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit.  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2017:1791",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1791"
            },
            {
              "name": "RHSA-2017:1790",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1790"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20170720-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
            },
            {
              "name": "RHSA-2017:1789",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1789"
            },
            {
              "name": "https://cert.vde.com/en-us/advisories/vde-2017-002",
              "refsource": "CONFIRM",
              "url": "https://cert.vde.com/en-us/advisories/vde-2017-002"
            },
            {
              "name": "99774",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/99774"
            },
            {
              "name": "RHSA-2017:2424",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2424"
            },
            {
              "name": "1038931",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038931"
            },
            {
              "name": "RHSA-2017:1792",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1792"
            },
            {
              "name": "GLSA-201709-22",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201709-22"
            },
            {
              "name": "DSA-3919",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3919"
            },
            {
              "name": "RHSA-2017:2481",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2481"
            },
            {
              "name": "RHSA-2017:2530",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2530"
            },
            {
              "name": "RHSA-2017:3453",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3453"
            },
            {
              "name": "RHSA-2017:2469",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2469"
            },
            {
              "name": "DSA-3954",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3954"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2017-10115",
    "datePublished": "2017-08-08T15:00:00",
    "dateReserved": "2017-06-21T00:00:00",
    "dateUpdated": "2024-10-04T19:02:31.369Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-1678
Vulnerability from cvelistv5
Published
2022-05-25 14:49
Modified
2024-08-03 00:10
Summary
An issue was discovered in the Linux Kernel from 4.18 to 4.19, an improper update of sock reference in TCP pacing can lead to memory/netns leak, which can be used by remote clients.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:10:03.820Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=61"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lore.kernel.org/all/20200602080425.93712-1-kerneljasonxing%40gmail.com/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/0a70f118475e037732557796accd0878a00fc25a"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gitee.com/anolis/cloud-kernel/commit/bed537da691b"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://anas.openanolis.cn/cves/detail/CVE-2022-1678"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://anas.openanolis.cn/errata/detail/ANSA-2022:0143"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220715-0001/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "kernel",
          "vendor": "n/a",
          "versions": [
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "4.18",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "4.19",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in the Linux Kernel from 4.18 to 4.19, an improper update of sock reference in TCP pacing can lead to memory/netns leak, which can be used by remote clients."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-911",
              "description": "CWE-911 Improper Update of Reference Count",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-15T15:06:58",
        "orgId": "cb8f1db9-b4b1-487b-a760-f65c4f368d8e",
        "shortName": "Anolis"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=61"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lore.kernel.org/all/20200602080425.93712-1-kerneljasonxing%40gmail.com/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/torvalds/linux/commit/0a70f118475e037732557796accd0878a00fc25a"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gitee.com/anolis/cloud-kernel/commit/bed537da691b"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://anas.openanolis.cn/cves/detail/CVE-2022-1678"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://anas.openanolis.cn/errata/detail/ANSA-2022:0143"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20220715-0001/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@openanolis.org",
          "ID": "CVE-2022-1678",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "kernel",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003e=",
                            "version_value": "4.18"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_value": "4.19"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in the Linux Kernel from 4.18 to 4.19, an improper update of sock reference in TCP pacing can lead to memory/netns leak, which can be used by remote clients."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-911 Improper Update of Reference Count"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.openanolis.cn/show_bug.cgi?id=61",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=61"
            },
            {
              "name": "https://lore.kernel.org/all/20200602080425.93712-1-kerneljasonxing@gmail.com/",
              "refsource": "MISC",
              "url": "https://lore.kernel.org/all/20200602080425.93712-1-kerneljasonxing@gmail.com/"
            },
            {
              "name": "https://github.com/torvalds/linux/commit/0a70f118475e037732557796accd0878a00fc25a",
              "refsource": "MISC",
              "url": "https://github.com/torvalds/linux/commit/0a70f118475e037732557796accd0878a00fc25a"
            },
            {
              "name": "https://gitee.com/anolis/cloud-kernel/commit/bed537da691b",
              "refsource": "MISC",
              "url": "https://gitee.com/anolis/cloud-kernel/commit/bed537da691b"
            },
            {
              "name": "https://anas.openanolis.cn/cves/detail/CVE-2022-1678",
              "refsource": "MISC",
              "url": "https://anas.openanolis.cn/cves/detail/CVE-2022-1678"
            },
            {
              "name": "https://anas.openanolis.cn/errata/detail/ANSA-2022:0143",
              "refsource": "MISC",
              "url": "https://anas.openanolis.cn/errata/detail/ANSA-2022:0143"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20220715-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20220715-0001/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cb8f1db9-b4b1-487b-a760-f65c4f368d8e",
    "assignerShortName": "Anolis",
    "cveId": "CVE-2022-1678",
    "datePublished": "2022-05-25T14:49:30",
    "dateReserved": "2022-05-12T00:00:00",
    "dateUpdated": "2024-08-03T00:10:03.820Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-7183
Vulnerability from cvelistv5
Published
2018-03-08 20:00
Modified
2024-08-05 06:24
Severity ?
Summary
Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by leveraging an ntpq query and sending a response with a crafted array.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:24:11.482Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "GLSA-201805-12",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201805-12"
          },
          {
            "name": "FreeBSD-SA-18:02",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.asc"
          },
          {
            "name": "USN-3707-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3707-2/"
          },
          {
            "name": "USN-3707-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3707-1/"
          },
          {
            "name": "103351",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/103351"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20180626-0001/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.synology.com/support/security/Synology_SA_18_13"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.ntp.org/bin/view/Main/NtpBug3414"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-02-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by leveraging an ntpq query and sending a response with a crafted array."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-20T22:53:16",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "GLSA-201805-12",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201805-12"
        },
        {
          "name": "FreeBSD-SA-18:02",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.asc"
        },
        {
          "name": "USN-3707-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3707-2/"
        },
        {
          "name": "USN-3707-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3707-1/"
        },
        {
          "name": "103351",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/103351"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20180626-0001/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.synology.com/support/security/Synology_SA_18_13"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.ntp.org/bin/view/Main/NtpBug3414"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-7183",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by leveraging an ntpq query and sending a response with a crafted array."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "GLSA-201805-12",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201805-12"
            },
            {
              "name": "FreeBSD-SA-18:02",
              "refsource": "FREEBSD",
              "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.asc"
            },
            {
              "name": "USN-3707-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3707-2/"
            },
            {
              "name": "USN-3707-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3707-1/"
            },
            {
              "name": "103351",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/103351"
            },
            {
              "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20180626-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20180626-0001/"
            },
            {
              "name": "http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S",
              "refsource": "CONFIRM",
              "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S"
            },
            {
              "name": "https://www.synology.com/support/security/Synology_SA_18_13",
              "refsource": "CONFIRM",
              "url": "https://www.synology.com/support/security/Synology_SA_18_13"
            },
            {
              "name": "http://support.ntp.org/bin/view/Main/NtpBug3414",
              "refsource": "CONFIRM",
              "url": "http://support.ntp.org/bin/view/Main/NtpBug3414"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-7183",
    "datePublished": "2018-03-08T20:00:00",
    "dateReserved": "2018-02-16T00:00:00",
    "dateUpdated": "2024-08-05T06:24:11.482Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-10349
Vulnerability from cvelistv5
Published
2017-10-19 17:00
Modified
2024-10-04 16:49
Severity ?
Summary
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
https://access.redhat.com/errata/RHSA-2017:3047vendor-advisory, x_refsource_REDHAT
https://security.gentoo.org/glsa/201711-14vendor-advisory, x_refsource_GENTOO
http://www.securityfocus.com/bid/101348vdb-entry, x_refsource_BID
https://www.debian.org/security/2017/dsa-4015vendor-advisory, x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2017:3267vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:2998vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:3268vendor-advisory, x_refsource_REDHAT
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlx_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2017:3046vendor-advisory, x_refsource_REDHAT
http://www.securitytracker.com/id/1039596vdb-entry, x_refsource_SECTRACK
https://security.gentoo.org/glsa/201710-31vendor-advisory, x_refsource_GENTOO
https://access.redhat.com/errata/RHSA-2017:3264vendor-advisory, x_refsource_REDHAT
https://www.debian.org/security/2017/dsa-4048vendor-advisory, x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2017:3453vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:3392vendor-advisory, x_refsource_REDHAT
https://lists.debian.org/debian-lts-announce/2017/11/msg00033.htmlmailing-list, x_refsource_MLIST
https://security.netapp.com/advisory/ntap-20171019-0001/x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2017:2999vendor-advisory, x_refsource_REDHAT
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T17:41:55.544Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2017:3047",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3047"
          },
          {
            "name": "GLSA-201711-14",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201711-14"
          },
          {
            "name": "101348",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/101348"
          },
          {
            "name": "DSA-4015",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2017/dsa-4015"
          },
          {
            "name": "RHSA-2017:3267",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3267"
          },
          {
            "name": "RHSA-2017:2998",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2998"
          },
          {
            "name": "RHSA-2017:3268",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3268"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "name": "RHSA-2017:3046",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3046"
          },
          {
            "name": "1039596",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039596"
          },
          {
            "name": "GLSA-201710-31",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201710-31"
          },
          {
            "name": "RHSA-2017:3264",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3264"
          },
          {
            "name": "DSA-4048",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2017/dsa-4048"
          },
          {
            "name": "RHSA-2017:3453",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3453"
          },
          {
            "name": "RHSA-2017:3392",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3392"
          },
          {
            "name": "[debian-lts-announce] 20171123 [SECURITY] [DLA 1187-1] openjdk-7 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20171019-0001/"
          },
          {
            "name": "RHSA-2017:2999",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2999"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2017-10349",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-04T15:35:25.233557Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-04T16:49:11.928Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 6u161"
            },
            {
              "status": "affected",
              "version": "7u151"
            },
            {
              "status": "affected",
              "version": "8u144"
            },
            {
              "status": "affected",
              "version": "9; Java SE Embedded: 8u144"
            }
          ]
        }
      ],
      "datePublic": "2017-10-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-02-02T10:57:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "RHSA-2017:3047",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3047"
        },
        {
          "name": "GLSA-201711-14",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201711-14"
        },
        {
          "name": "101348",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/101348"
        },
        {
          "name": "DSA-4015",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2017/dsa-4015"
        },
        {
          "name": "RHSA-2017:3267",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3267"
        },
        {
          "name": "RHSA-2017:2998",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2998"
        },
        {
          "name": "RHSA-2017:3268",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3268"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "name": "RHSA-2017:3046",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3046"
        },
        {
          "name": "1039596",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039596"
        },
        {
          "name": "GLSA-201710-31",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201710-31"
        },
        {
          "name": "RHSA-2017:3264",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3264"
        },
        {
          "name": "DSA-4048",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2017/dsa-4048"
        },
        {
          "name": "RHSA-2017:3453",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3453"
        },
        {
          "name": "RHSA-2017:3392",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3392"
        },
        {
          "name": "[debian-lts-announce] 20171123 [SECURITY] [DLA 1187-1] openjdk-7 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20171019-0001/"
        },
        {
          "name": "RHSA-2017:2999",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2999"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2017-10349",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 6u161"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7u151"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8u144"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "9; Java SE Embedded: 8u144"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2017:3047",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3047"
            },
            {
              "name": "GLSA-201711-14",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201711-14"
            },
            {
              "name": "101348",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/101348"
            },
            {
              "name": "DSA-4015",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2017/dsa-4015"
            },
            {
              "name": "RHSA-2017:3267",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3267"
            },
            {
              "name": "RHSA-2017:2998",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2998"
            },
            {
              "name": "RHSA-2017:3268",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3268"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
            },
            {
              "name": "RHSA-2017:3046",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3046"
            },
            {
              "name": "1039596",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039596"
            },
            {
              "name": "GLSA-201710-31",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201710-31"
            },
            {
              "name": "RHSA-2017:3264",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3264"
            },
            {
              "name": "DSA-4048",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2017/dsa-4048"
            },
            {
              "name": "RHSA-2017:3453",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3453"
            },
            {
              "name": "RHSA-2017:3392",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3392"
            },
            {
              "name": "[debian-lts-announce] 20171123 [SECURITY] [DLA 1187-1] openjdk-7 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20171019-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20171019-0001/"
            },
            {
              "name": "RHSA-2017:2999",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2999"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2017-10349",
    "datePublished": "2017-10-19T17:00:00",
    "dateReserved": "2017-06-21T00:00:00",
    "dateUpdated": "2024-10-04T16:49:11.928Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-3140
Vulnerability from cvelistv5
Published
2019-01-16 20:00
Modified
2024-09-17 04:10
Summary
If named is configured to use Response Policy Zones (RPZ) an error processing some rule types can lead to a condition where BIND will endlessly loop while handling a query. Affects BIND 9.9.10, 9.10.5, 9.11.0->9.11.1, 9.9.10-S1, 9.10.5-S1.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:16:28.271Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1038692",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038692"
          },
          {
            "name": "GLSA-201708-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201708-01"
          },
          {
            "name": "99088",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/99088"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03772en_us"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20180926-0001/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.isc.org/docs/aa-01495"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "BIND 9",
          "vendor": "ISC",
          "versions": [
            {
              "status": "affected",
              "version": "9.9.10, 9.10.5, 9.11.0-\u003e9.11.1, 9.9.10-S1, 9.10.5-S1"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "ISC would like to thank Oli Schacher of Switch for bringing this defect to our attention."
        }
      ],
      "datePublic": "2017-06-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "If named is configured to use Response Policy Zones (RPZ) an error processing some rule types can lead to a condition where BIND will endlessly loop while handling a query. Affects BIND 9.9.10, 9.10.5, 9.11.0-\u003e9.11.1, 9.9.10-S1, 9.10.5-S1."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "A server is potentially vulnerable to degradation of service if\n\n    the server is configured to use RPZ,\n    the server uses NSDNAME or NSIP policy rules, and\n    an attacker can cause the server to process a specific query\n\nSuccessful exploitation of this condition will cause named to enter a state where it continues to loop while processing the query without ever reaching an end state. While in this state, named repeatedly queries the same sets of authoritative nameservers and this behavior will usually persist indefinitely beyond the normal client query processing timeout. By triggering this condition multiple times, an attacker could cause a deliberate and substantial degradation in service.\n\nOperators of servers that meet the above conditions 1. and 2. may also accidentally encounter this defect during normal operation.  It is for this reason that the decision was made to issue this advisory despite its low CVSS score.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-01-17T10:57:01",
        "orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
        "shortName": "isc"
      },
      "references": [
        {
          "name": "1038692",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038692"
        },
        {
          "name": "GLSA-201708-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201708-01"
        },
        {
          "name": "99088",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/99088"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03772en_us"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20180926-0001/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.isc.org/docs/aa-01495"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to the patched release most closely related to your current version of BIND.  These can all be downloaded from http://www.isc.org/downloads.\n\n    BIND 9 version 9.9.10-P1\n    BIND 9 version 9.10.5-P1\n    BIND 9 version 9.11.1-P1\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n    BIND 9 version 9.9.10-S2\n    BIND 9 version 9.10.5-S2"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "An error processing RPZ rules can cause named to loop endlessly after handling a query",
      "workarounds": [
        {
          "lang": "en",
          "value": "Only the NSDNAME and NSIP RPZ rule types can cause this condition to occur.  You can work around this vulnerability if you are able to express your desired policy while avoiding NSDNAME or NSIP rules, otherwise it is advised that you upgrade to a version which corrects the defect."
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-officer@isc.org",
          "DATE_PUBLIC": "2017-06-14T00:00:00.000Z",
          "ID": "CVE-2017-3140",
          "STATE": "PUBLIC",
          "TITLE": "An error processing RPZ rules can cause named to loop endlessly after handling a query"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "BIND 9",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "9.9.10, 9.10.5, 9.11.0-\u003e9.11.1, 9.9.10-S1, 9.10.5-S1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "ISC"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "ISC would like to thank Oli Schacher of Switch for bringing this defect to our attention."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "If named is configured to use Response Policy Zones (RPZ) an error processing some rule types can lead to a condition where BIND will endlessly loop while handling a query. Affects BIND 9.9.10, 9.10.5, 9.11.0-\u003e9.11.1, 9.9.10-S1, 9.10.5-S1."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "A server is potentially vulnerable to degradation of service if\n\n    the server is configured to use RPZ,\n    the server uses NSDNAME or NSIP policy rules, and\n    an attacker can cause the server to process a specific query\n\nSuccessful exploitation of this condition will cause named to enter a state where it continues to loop while processing the query without ever reaching an end state. While in this state, named repeatedly queries the same sets of authoritative nameservers and this behavior will usually persist indefinitely beyond the normal client query processing timeout. By triggering this condition multiple times, an attacker could cause a deliberate and substantial degradation in service.\n\nOperators of servers that meet the above conditions 1. and 2. may also accidentally encounter this defect during normal operation.  It is for this reason that the decision was made to issue this advisory despite its low CVSS score."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1038692",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038692"
            },
            {
              "name": "GLSA-201708-01",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201708-01"
            },
            {
              "name": "99088",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/99088"
            },
            {
              "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03772en_us",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03772en_us"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20180926-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20180926-0001/"
            },
            {
              "name": "https://kb.isc.org/docs/aa-01495",
              "refsource": "CONFIRM",
              "url": "https://kb.isc.org/docs/aa-01495"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Upgrade to the patched release most closely related to your current version of BIND.  These can all be downloaded from http://www.isc.org/downloads.\n\n    BIND 9 version 9.9.10-P1\n    BIND 9 version 9.10.5-P1\n    BIND 9 version 9.11.1-P1\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n    BIND 9 version 9.9.10-S2\n    BIND 9 version 9.10.5-S2"
          }
        ],
        "source": {
          "discovery": "UNKNOWN"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "Only the NSDNAME and NSIP RPZ rule types can cause this condition to occur.  You can work around this vulnerability if you are able to express your desired policy while avoiding NSDNAME or NSIP rules, otherwise it is advised that you upgrade to a version which corrects the defect."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
    "assignerShortName": "isc",
    "cveId": "CVE-2017-3140",
    "datePublished": "2019-01-16T20:00:00Z",
    "dateReserved": "2016-12-02T00:00:00",
    "dateUpdated": "2024-09-17T04:10:30.985Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-12770
Vulnerability from cvelistv5
Published
2020-05-09 20:16
Modified
2024-08-04 12:04
Severity ?
Summary
An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040.
References
https://lkml.org/lkml/2020/4/13/870x_refsource_CONFIRM
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=83c6f2390040f188cc25b270b4befeb5628c1aeex_refsource_CONFIRM
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R54VC7B6MDYKP57AWC2HN7AUJYH62RKI/vendor-advisory, x_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ES5C6ZCMALBEBMKNNCTBSLLSYGFZG3FF/vendor-advisory, x_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IO5XIQSRI747P4RVVTNX7TUPEOCF4OPU/vendor-advisory, x_refsource_FEDORA
https://security.netapp.com/advisory/ntap-20200608-0001/x_refsource_CONFIRM
https://lists.debian.org/debian-lts-announce/2020/06/msg00011.htmlmailing-list, x_refsource_MLIST
https://lists.debian.org/debian-lts-announce/2020/06/msg00012.htmlmailing-list, x_refsource_MLIST
https://lists.debian.org/debian-lts-announce/2020/06/msg00013.htmlmailing-list, x_refsource_MLIST
https://www.debian.org/security/2020/dsa-4698vendor-advisory, x_refsource_DEBIAN
https://www.debian.org/security/2020/dsa-4699vendor-advisory, x_refsource_DEBIAN
https://usn.ubuntu.com/4413-1/vendor-advisory, x_refsource_UBUNTU
https://usn.ubuntu.com/4411-1/vendor-advisory, x_refsource_UBUNTU
https://usn.ubuntu.com/4412-1/vendor-advisory, x_refsource_UBUNTU
https://usn.ubuntu.com/4419-1/vendor-advisory, x_refsource_UBUNTU
https://usn.ubuntu.com/4414-1/vendor-advisory, x_refsource_UBUNTU
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:04:22.871Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://lkml.org/lkml/2020/4/13/870"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=83c6f2390040f188cc25b270b4befeb5628c1aee"
          },
          {
            "name": "FEDORA-2020-4c69987c40",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R54VC7B6MDYKP57AWC2HN7AUJYH62RKI/"
          },
          {
            "name": "FEDORA-2020-c6b9fff7f8",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ES5C6ZCMALBEBMKNNCTBSLLSYGFZG3FF/"
          },
          {
            "name": "FEDORA-2020-5a69decc0c",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IO5XIQSRI747P4RVVTNX7TUPEOCF4OPU/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
          },
          {
            "name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
          },
          {
            "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html"
          },
          {
            "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
          },
          {
            "name": "DSA-4698",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4698"
          },
          {
            "name": "DSA-4699",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4699"
          },
          {
            "name": "USN-4413-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4413-1/"
          },
          {
            "name": "USN-4411-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4411-1/"
          },
          {
            "name": "USN-4412-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4412-1/"
          },
          {
            "name": "USN-4419-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4419-1/"
          },
          {
            "name": "USN-4414-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4414-1/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-29T18:06:16",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://lkml.org/lkml/2020/4/13/870"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=83c6f2390040f188cc25b270b4befeb5628c1aee"
        },
        {
          "name": "FEDORA-2020-4c69987c40",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R54VC7B6MDYKP57AWC2HN7AUJYH62RKI/"
        },
        {
          "name": "FEDORA-2020-c6b9fff7f8",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ES5C6ZCMALBEBMKNNCTBSLLSYGFZG3FF/"
        },
        {
          "name": "FEDORA-2020-5a69decc0c",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IO5XIQSRI747P4RVVTNX7TUPEOCF4OPU/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
        },
        {
          "name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
        },
        {
          "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html"
        },
        {
          "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
        },
        {
          "name": "DSA-4698",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4698"
        },
        {
          "name": "DSA-4699",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4699"
        },
        {
          "name": "USN-4413-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4413-1/"
        },
        {
          "name": "USN-4411-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4411-1/"
        },
        {
          "name": "USN-4412-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4412-1/"
        },
        {
          "name": "USN-4419-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4419-1/"
        },
        {
          "name": "USN-4414-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4414-1/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-12770",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://lkml.org/lkml/2020/4/13/870",
              "refsource": "CONFIRM",
              "url": "https://lkml.org/lkml/2020/4/13/870"
            },
            {
              "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=83c6f2390040f188cc25b270b4befeb5628c1aee",
              "refsource": "CONFIRM",
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=83c6f2390040f188cc25b270b4befeb5628c1aee"
            },
            {
              "name": "FEDORA-2020-4c69987c40",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R54VC7B6MDYKP57AWC2HN7AUJYH62RKI/"
            },
            {
              "name": "FEDORA-2020-c6b9fff7f8",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ES5C6ZCMALBEBMKNNCTBSLLSYGFZG3FF/"
            },
            {
              "name": "FEDORA-2020-5a69decc0c",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IO5XIQSRI747P4RVVTNX7TUPEOCF4OPU/"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200608-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
            },
            {
              "name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
            },
            {
              "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html"
            },
            {
              "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
            },
            {
              "name": "DSA-4698",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4698"
            },
            {
              "name": "DSA-4699",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4699"
            },
            {
              "name": "USN-4413-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4413-1/"
            },
            {
              "name": "USN-4411-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4411-1/"
            },
            {
              "name": "USN-4412-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4412-1/"
            },
            {
              "name": "USN-4419-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4419-1/"
            },
            {
              "name": "USN-4414-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4414-1/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-12770",
    "datePublished": "2020-05-09T20:16:36",
    "dateReserved": "2020-05-09T00:00:00",
    "dateUpdated": "2024-08-04T12:04:22.871Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-13143
Vulnerability from cvelistv5
Published
2020-05-18 17:50
Modified
2024-08-04 12:11
Severity ?
Summary
gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux kernel 3.16 through 5.6.13 relies on kstrdup without considering the possibility of an internal '\0' value, which allows attackers to trigger an out-of-bounds read, aka CID-15753588bcd4.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:11:19.057Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=15753588bcd4bbffae1cca33c8ced5722477fe1f"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.spinics.net/lists/linux-usb/msg194331.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
          },
          {
            "name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
          },
          {
            "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html"
          },
          {
            "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
          },
          {
            "name": "DSA-4698",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4698"
          },
          {
            "name": "DSA-4699",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4699"
          },
          {
            "name": "openSUSE-SU-2020:0801",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html"
          },
          {
            "name": "openSUSE-SU-2020:0935",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html"
          },
          {
            "name": "USN-4413-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4413-1/"
          },
          {
            "name": "USN-4411-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4411-1/"
          },
          {
            "name": "USN-4412-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4412-1/"
          },
          {
            "name": "USN-4419-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4419-1/"
          },
          {
            "name": "USN-4414-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4414-1/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=d126cf46f829d146dde3e6a8963e095ac6cfcd1c"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux kernel 3.16 through 5.6.13 relies on kstrdup without considering the possibility of an internal \u0027\\0\u0027 value, which allows attackers to trigger an out-of-bounds read, aka CID-15753588bcd4."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-04T22:50:50",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=15753588bcd4bbffae1cca33c8ced5722477fe1f"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.spinics.net/lists/linux-usb/msg194331.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
        },
        {
          "name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
        },
        {
          "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html"
        },
        {
          "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
        },
        {
          "name": "DSA-4698",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4698"
        },
        {
          "name": "DSA-4699",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4699"
        },
        {
          "name": "openSUSE-SU-2020:0801",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html"
        },
        {
          "name": "openSUSE-SU-2020:0935",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html"
        },
        {
          "name": "USN-4413-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4413-1/"
        },
        {
          "name": "USN-4411-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4411-1/"
        },
        {
          "name": "USN-4412-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4412-1/"
        },
        {
          "name": "USN-4419-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4419-1/"
        },
        {
          "name": "USN-4414-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4414-1/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=d126cf46f829d146dde3e6a8963e095ac6cfcd1c"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-13143",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux kernel 3.16 through 5.6.13 relies on kstrdup without considering the possibility of an internal \u0027\\0\u0027 value, which allows attackers to trigger an out-of-bounds read, aka CID-15753588bcd4."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=15753588bcd4bbffae1cca33c8ced5722477fe1f",
              "refsource": "MISC",
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=15753588bcd4bbffae1cca33c8ced5722477fe1f"
            },
            {
              "name": "https://www.spinics.net/lists/linux-usb/msg194331.html",
              "refsource": "MISC",
              "url": "https://www.spinics.net/lists/linux-usb/msg194331.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200608-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
            },
            {
              "name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
            },
            {
              "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html"
            },
            {
              "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
            },
            {
              "name": "DSA-4698",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4698"
            },
            {
              "name": "DSA-4699",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4699"
            },
            {
              "name": "openSUSE-SU-2020:0801",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html"
            },
            {
              "name": "openSUSE-SU-2020:0935",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html"
            },
            {
              "name": "USN-4413-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4413-1/"
            },
            {
              "name": "USN-4411-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4411-1/"
            },
            {
              "name": "USN-4412-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4412-1/"
            },
            {
              "name": "USN-4419-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4419-1/"
            },
            {
              "name": "USN-4414-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4414-1/"
            },
            {
              "name": "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=d126cf46f829d146dde3e6a8963e095ac6cfcd1c",
              "refsource": "MISC",
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=d126cf46f829d146dde3e6a8963e095ac6cfcd1c"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-13143",
    "datePublished": "2020-05-18T17:50:53",
    "dateReserved": "2020-05-18T00:00:00",
    "dateUpdated": "2024-08-04T12:11:19.057Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-10285
Vulnerability from cvelistv5
Published
2017-10-19 17:00
Modified
2024-10-04 16:55
Severity ?
Summary
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).
References
https://access.redhat.com/errata/RHSA-2017:3047vendor-advisory, x_refsource_REDHAT
https://security.gentoo.org/glsa/201711-14vendor-advisory, x_refsource_GENTOO
https://www.synology.com/support/security/Synology_SA_17_66_OpenJDKx_refsource_CONFIRM
https://www.debian.org/security/2017/dsa-4015vendor-advisory, x_refsource_DEBIAN
http://www.securityfocus.com/bid/101319vdb-entry, x_refsource_BID
https://access.redhat.com/errata/RHSA-2017:3267vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:2998vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:3268vendor-advisory, x_refsource_REDHAT
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlx_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2017:3046vendor-advisory, x_refsource_REDHAT
http://www.securitytracker.com/id/1039596vdb-entry, x_refsource_SECTRACK
https://security.gentoo.org/glsa/201710-31vendor-advisory, x_refsource_GENTOO
https://access.redhat.com/errata/RHSA-2017:3264vendor-advisory, x_refsource_REDHAT
https://www.debian.org/security/2017/dsa-4048vendor-advisory, x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2017:3453vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:3392vendor-advisory, x_refsource_REDHAT
https://lists.debian.org/debian-lts-announce/2017/11/msg00033.htmlmailing-list, x_refsource_MLIST
https://security.netapp.com/advisory/ntap-20171019-0001/x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2017:2999vendor-advisory, x_refsource_REDHAT
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T17:33:17.121Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2017:3047",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3047"
          },
          {
            "name": "GLSA-201711-14",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201711-14"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.synology.com/support/security/Synology_SA_17_66_OpenJDK"
          },
          {
            "name": "DSA-4015",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2017/dsa-4015"
          },
          {
            "name": "101319",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/101319"
          },
          {
            "name": "RHSA-2017:3267",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3267"
          },
          {
            "name": "RHSA-2017:2998",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2998"
          },
          {
            "name": "RHSA-2017:3268",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3268"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "name": "RHSA-2017:3046",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3046"
          },
          {
            "name": "1039596",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039596"
          },
          {
            "name": "GLSA-201710-31",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201710-31"
          },
          {
            "name": "RHSA-2017:3264",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3264"
          },
          {
            "name": "DSA-4048",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2017/dsa-4048"
          },
          {
            "name": "RHSA-2017:3453",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3453"
          },
          {
            "name": "RHSA-2017:3392",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3392"
          },
          {
            "name": "[debian-lts-announce] 20171123 [SECURITY] [DLA 1187-1] openjdk-7 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20171019-0001/"
          },
          {
            "name": "RHSA-2017:2999",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2999"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2017-10285",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-04T15:39:01.592681Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-04T16:55:14.846Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 6u161"
            },
            {
              "status": "affected",
              "version": "7u151"
            },
            {
              "status": "affected",
              "version": "8u144"
            },
            {
              "status": "affected",
              "version": "9; Java SE Embedded: 8u144"
            }
          ]
        }
      ],
      "datePublic": "2017-10-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-02-02T10:57:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "RHSA-2017:3047",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3047"
        },
        {
          "name": "GLSA-201711-14",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201711-14"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.synology.com/support/security/Synology_SA_17_66_OpenJDK"
        },
        {
          "name": "DSA-4015",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2017/dsa-4015"
        },
        {
          "name": "101319",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/101319"
        },
        {
          "name": "RHSA-2017:3267",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3267"
        },
        {
          "name": "RHSA-2017:2998",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2998"
        },
        {
          "name": "RHSA-2017:3268",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3268"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "name": "RHSA-2017:3046",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3046"
        },
        {
          "name": "1039596",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039596"
        },
        {
          "name": "GLSA-201710-31",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201710-31"
        },
        {
          "name": "RHSA-2017:3264",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3264"
        },
        {
          "name": "DSA-4048",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2017/dsa-4048"
        },
        {
          "name": "RHSA-2017:3453",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3453"
        },
        {
          "name": "RHSA-2017:3392",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3392"
        },
        {
          "name": "[debian-lts-announce] 20171123 [SECURITY] [DLA 1187-1] openjdk-7 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20171019-0001/"
        },
        {
          "name": "RHSA-2017:2999",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2999"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2017-10285",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 6u161"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7u151"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8u144"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "9; Java SE Embedded: 8u144"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2017:3047",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3047"
            },
            {
              "name": "GLSA-201711-14",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201711-14"
            },
            {
              "name": "https://www.synology.com/support/security/Synology_SA_17_66_OpenJDK",
              "refsource": "CONFIRM",
              "url": "https://www.synology.com/support/security/Synology_SA_17_66_OpenJDK"
            },
            {
              "name": "DSA-4015",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2017/dsa-4015"
            },
            {
              "name": "101319",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/101319"
            },
            {
              "name": "RHSA-2017:3267",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3267"
            },
            {
              "name": "RHSA-2017:2998",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2998"
            },
            {
              "name": "RHSA-2017:3268",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3268"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
            },
            {
              "name": "RHSA-2017:3046",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3046"
            },
            {
              "name": "1039596",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039596"
            },
            {
              "name": "GLSA-201710-31",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201710-31"
            },
            {
              "name": "RHSA-2017:3264",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3264"
            },
            {
              "name": "DSA-4048",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2017/dsa-4048"
            },
            {
              "name": "RHSA-2017:3453",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3453"
            },
            {
              "name": "RHSA-2017:3392",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3392"
            },
            {
              "name": "[debian-lts-announce] 20171123 [SECURITY] [DLA 1187-1] openjdk-7 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20171019-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20171019-0001/"
            },
            {
              "name": "RHSA-2017:2999",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2999"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2017-10285",
    "datePublished": "2017-10-19T17:00:00",
    "dateReserved": "2017-06-21T00:00:00",
    "dateUpdated": "2024-10-04T16:55:14.846Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-38203
Vulnerability from cvelistv5
Published
2021-08-08 19:25
Modified
2024-08-04 01:37
Severity ?
Summary
btrfs in the Linux kernel before 5.13.4 allows attackers to cause a denial of service (deadlock) via processes that trigger allocation of new system chunks during times when there is a shortage of free space in the system space_info.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T01:37:16.305Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/1cb3db1cf383a3c7dbda1aa0ce748b0958759947"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210902-0010/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "btrfs in the Linux kernel before 5.13.4 allows attackers to cause a denial of service (deadlock) via processes that trigger allocation of new system chunks during times when there is a shortage of free space in the system space_info."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-09-02T08:06:42",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/torvalds/linux/commit/1cb3db1cf383a3c7dbda1aa0ce748b0958759947"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20210902-0010/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-38203",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "btrfs in the Linux kernel before 5.13.4 allows attackers to cause a denial of service (deadlock) via processes that trigger allocation of new system chunks during times when there is a shortage of free space in the system space_info."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4",
              "refsource": "MISC",
              "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4"
            },
            {
              "name": "https://github.com/torvalds/linux/commit/1cb3db1cf383a3c7dbda1aa0ce748b0958759947",
              "refsource": "MISC",
              "url": "https://github.com/torvalds/linux/commit/1cb3db1cf383a3c7dbda1aa0ce748b0958759947"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20210902-0010/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20210902-0010/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-38203",
    "datePublished": "2021-08-08T19:25:31",
    "dateReserved": "2021-08-08T00:00:00",
    "dateUpdated": "2024-08-04T01:37:16.305Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-45061
Vulnerability from cvelistv5
Published
2022-11-09 00:00
Modified
2024-08-03 14:01
Severity ?
Summary
An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16.
References
https://github.com/python/cpython/issues/98433
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O67LRHDTJWH544KXB6KY4HMHQLYDXFPK/vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4WBZJNSALFGMPYTINIF57HAAK46U72WQ/vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTPVDZDATRQFE6KAT6B4BQIQ4GRHIIIJ/vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTN2OOLKYTG34DODUEJGT5MLC2PFGPBA/vendor-advisory
https://security.netapp.com/advisory/ntap-20221209-0007/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB5YCMIRVX35RUB6XPOWKENCVCJEVDRK/vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PLQ2BNZVBBAQPV3SPRU24ZD37UYJJS7W/vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMDX6IFKLOA3NXUQEV524L5LHTPI2JI/vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63FS6VHY4DCS74HBTEINUDOECQ2X6ZCH/vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORVCQGJCCAVLN4DJDTWGREFCUWXKQRML/vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T3D5TX4TDJPXHXD2QICKTY3OCQC3JARP/vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JCDJXNBHWXNYUTOEV4H2HCFSRKV3SYL3/vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RH57BNT4VQERGEJ5SXNXSVMDYP66YD4H/vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKWAMPURWUV3DCCT4J7VHRF4NT2CFVBR/vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/35YDIWCUMWTMDBWFRAVENFH6BLB65D6S/vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPNWZKXPKTNHS5FVMN7UQZ2UPCSEFJUK/vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B3YI6JYARWU6GULWOHNUROSACT54XFFS/vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KNE4GMD45RGC2HWUAAIGTDHT5VJ2E4O4/vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JTYVESWVBPD57ZJC35G5722Q6TS37WSB/vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UHVW73QZJMHA4MK7JBT7CXX7XSNYQEGF/vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2AOUKI72ACV6CHY2QUFO6VK2DNMVJ2MB/vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3EJ6J7PXVQOULBQZQGBXCXY6LFF6LZD/vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XXZJL3CNAFS5PAIR7K4RL62S3Y7THR7O/vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QLUGZSEAO3MBWGKCUSMKQIRYJZKJCIOB/vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN26PWZTYG6IF3APLRXQJBVACQHZUPT2/vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RDK3ZZBRYFO47ET3N4BNTKVXN47U6ICY/vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WQPHKGNXUJC3TC3BDW5RKGROWRJVSFR/vendor-advisory
https://security.gentoo.org/glsa/202305-02vendor-advisory
https://lists.debian.org/debian-lts-announce/2023/05/msg00024.htmlmailing-list
https://lists.debian.org/debian-lts-announce/2023/06/msg00039.htmlmailing-list
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QCKD4AFBHXIMHS64ZER2U7QRT33HNE7L/vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BWJREJHWVRBYDP43YB5WRL3QC7UBA7BR/vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B4MYQ3IV6NWA4CKSXEHW45CH2YNDHEPH/vendor-advisory
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T14:01:31.434Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/python/cpython/issues/98433"
          },
          {
            "name": "FEDORA-2022-45d2cfdfa4",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O67LRHDTJWH544KXB6KY4HMHQLYDXFPK/"
          },
          {
            "name": "FEDORA-2022-3e859b6bc6",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4WBZJNSALFGMPYTINIF57HAAK46U72WQ/"
          },
          {
            "name": "FEDORA-2022-e1ce71ff40",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTPVDZDATRQFE6KAT6B4BQIQ4GRHIIIJ/"
          },
          {
            "name": "FEDORA-2022-fdb2739feb",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTN2OOLKYTG34DODUEJGT5MLC2PFGPBA/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20221209-0007/"
          },
          {
            "name": "FEDORA-2022-6f4e6120d7",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB5YCMIRVX35RUB6XPOWKENCVCJEVDRK/"
          },
          {
            "name": "FEDORA-2022-e6d0495206",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PLQ2BNZVBBAQPV3SPRU24ZD37UYJJS7W/"
          },
          {
            "name": "FEDORA-2022-6d51289820",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMDX6IFKLOA3NXUQEV524L5LHTPI2JI/"
          },
          {
            "name": "FEDORA-2022-50deb53896",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63FS6VHY4DCS74HBTEINUDOECQ2X6ZCH/"
          },
          {
            "name": "FEDORA-2022-93c6916349",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORVCQGJCCAVLN4DJDTWGREFCUWXKQRML/"
          },
          {
            "name": "FEDORA-2022-18b234c18b",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T3D5TX4TDJPXHXD2QICKTY3OCQC3JARP/"
          },
          {
            "name": "FEDORA-2022-de755fd092",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JCDJXNBHWXNYUTOEV4H2HCFSRKV3SYL3/"
          },
          {
            "name": "FEDORA-2022-fd3771db30",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RH57BNT4VQERGEJ5SXNXSVMDYP66YD4H/"
          },
          {
            "name": "FEDORA-2022-6b8b96f883",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKWAMPURWUV3DCCT4J7VHRF4NT2CFVBR/"
          },
          {
            "name": "FEDORA-2022-3d7e44dbd5",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/35YDIWCUMWTMDBWFRAVENFH6BLB65D6S/"
          },
          {
            "name": "FEDORA-2022-b2f06fbb62",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPNWZKXPKTNHS5FVMN7UQZ2UPCSEFJUK/"
          },
          {
            "name": "FEDORA-2022-6ba889e0e3",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B3YI6JYARWU6GULWOHNUROSACT54XFFS/"
          },
          {
            "name": "FEDORA-2022-dbb811d203",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KNE4GMD45RGC2HWUAAIGTDHT5VJ2E4O4/"
          },
          {
            "name": "FEDORA-2022-e699dd5247",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JTYVESWVBPD57ZJC35G5722Q6TS37WSB/"
          },
          {
            "name": "FEDORA-2022-fbf6a320fe",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UHVW73QZJMHA4MK7JBT7CXX7XSNYQEGF/"
          },
          {
            "name": "FEDORA-2022-bcf089dd07",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2AOUKI72ACV6CHY2QUFO6VK2DNMVJ2MB/"
          },
          {
            "name": "FEDORA-2023-a990c93ed0",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3EJ6J7PXVQOULBQZQGBXCXY6LFF6LZD/"
          },
          {
            "name": "FEDORA-2023-78b4ce2f23",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XXZJL3CNAFS5PAIR7K4RL62S3Y7THR7O/"
          },
          {
            "name": "FEDORA-2023-af5206f71d",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QLUGZSEAO3MBWGKCUSMKQIRYJZKJCIOB/"
          },
          {
            "name": "FEDORA-2023-943556a733",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN26PWZTYG6IF3APLRXQJBVACQHZUPT2/"
          },
          {
            "name": "FEDORA-2023-097dd40685",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RDK3ZZBRYFO47ET3N4BNTKVXN47U6ICY/"
          },
          {
            "name": "FEDORA-2023-f1381c83af",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WQPHKGNXUJC3TC3BDW5RKGROWRJVSFR/"
          },
          {
            "name": "GLSA-202305-02",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202305-02"
          },
          {
            "name": "[debian-lts-announce] 20230524 [SECURITY] [DLA 3432-1] python2.7 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html"
          },
          {
            "name": "[debian-lts-announce] 20230630 [SECURITY] [DLA 3477-1] python3.7 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html"
          },
          {
            "name": "FEDORA-2023-129178fd27",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QCKD4AFBHXIMHS64ZER2U7QRT33HNE7L/"
          },
          {
            "name": "FEDORA-2023-c43a940a93",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BWJREJHWVRBYDP43YB5WRL3QC7UBA7BR/"
          },
          {
            "name": "FEDORA-2023-5460cf6dfb",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B4MYQ3IV6NWA4CKSXEHW45CH2YNDHEPH/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-15T21:07:33.878146",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://github.com/python/cpython/issues/98433"
        },
        {
          "name": "FEDORA-2022-45d2cfdfa4",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O67LRHDTJWH544KXB6KY4HMHQLYDXFPK/"
        },
        {
          "name": "FEDORA-2022-3e859b6bc6",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4WBZJNSALFGMPYTINIF57HAAK46U72WQ/"
        },
        {
          "name": "FEDORA-2022-e1ce71ff40",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTPVDZDATRQFE6KAT6B4BQIQ4GRHIIIJ/"
        },
        {
          "name": "FEDORA-2022-fdb2739feb",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTN2OOLKYTG34DODUEJGT5MLC2PFGPBA/"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20221209-0007/"
        },
        {
          "name": "FEDORA-2022-6f4e6120d7",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB5YCMIRVX35RUB6XPOWKENCVCJEVDRK/"
        },
        {
          "name": "FEDORA-2022-e6d0495206",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PLQ2BNZVBBAQPV3SPRU24ZD37UYJJS7W/"
        },
        {
          "name": "FEDORA-2022-6d51289820",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMDX6IFKLOA3NXUQEV524L5LHTPI2JI/"
        },
        {
          "name": "FEDORA-2022-50deb53896",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63FS6VHY4DCS74HBTEINUDOECQ2X6ZCH/"
        },
        {
          "name": "FEDORA-2022-93c6916349",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORVCQGJCCAVLN4DJDTWGREFCUWXKQRML/"
        },
        {
          "name": "FEDORA-2022-18b234c18b",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T3D5TX4TDJPXHXD2QICKTY3OCQC3JARP/"
        },
        {
          "name": "FEDORA-2022-de755fd092",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JCDJXNBHWXNYUTOEV4H2HCFSRKV3SYL3/"
        },
        {
          "name": "FEDORA-2022-fd3771db30",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RH57BNT4VQERGEJ5SXNXSVMDYP66YD4H/"
        },
        {
          "name": "FEDORA-2022-6b8b96f883",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKWAMPURWUV3DCCT4J7VHRF4NT2CFVBR/"
        },
        {
          "name": "FEDORA-2022-3d7e44dbd5",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/35YDIWCUMWTMDBWFRAVENFH6BLB65D6S/"
        },
        {
          "name": "FEDORA-2022-b2f06fbb62",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPNWZKXPKTNHS5FVMN7UQZ2UPCSEFJUK/"
        },
        {
          "name": "FEDORA-2022-6ba889e0e3",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B3YI6JYARWU6GULWOHNUROSACT54XFFS/"
        },
        {
          "name": "FEDORA-2022-dbb811d203",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KNE4GMD45RGC2HWUAAIGTDHT5VJ2E4O4/"
        },
        {
          "name": "FEDORA-2022-e699dd5247",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JTYVESWVBPD57ZJC35G5722Q6TS37WSB/"
        },
        {
          "name": "FEDORA-2022-fbf6a320fe",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UHVW73QZJMHA4MK7JBT7CXX7XSNYQEGF/"
        },
        {
          "name": "FEDORA-2022-bcf089dd07",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2AOUKI72ACV6CHY2QUFO6VK2DNMVJ2MB/"
        },
        {
          "name": "FEDORA-2023-a990c93ed0",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3EJ6J7PXVQOULBQZQGBXCXY6LFF6LZD/"
        },
        {
          "name": "FEDORA-2023-78b4ce2f23",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XXZJL3CNAFS5PAIR7K4RL62S3Y7THR7O/"
        },
        {
          "name": "FEDORA-2023-af5206f71d",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QLUGZSEAO3MBWGKCUSMKQIRYJZKJCIOB/"
        },
        {
          "name": "FEDORA-2023-943556a733",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN26PWZTYG6IF3APLRXQJBVACQHZUPT2/"
        },
        {
          "name": "FEDORA-2023-097dd40685",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RDK3ZZBRYFO47ET3N4BNTKVXN47U6ICY/"
        },
        {
          "name": "FEDORA-2023-f1381c83af",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WQPHKGNXUJC3TC3BDW5RKGROWRJVSFR/"
        },
        {
          "name": "GLSA-202305-02",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202305-02"
        },
        {
          "name": "[debian-lts-announce] 20230524 [SECURITY] [DLA 3432-1] python2.7 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html"
        },
        {
          "name": "[debian-lts-announce] 20230630 [SECURITY] [DLA 3477-1] python3.7 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html"
        },
        {
          "name": "FEDORA-2023-129178fd27",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QCKD4AFBHXIMHS64ZER2U7QRT33HNE7L/"
        },
        {
          "name": "FEDORA-2023-c43a940a93",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BWJREJHWVRBYDP43YB5WRL3QC7UBA7BR/"
        },
        {
          "name": "FEDORA-2023-5460cf6dfb",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B4MYQ3IV6NWA4CKSXEHW45CH2YNDHEPH/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-45061",
    "datePublished": "2022-11-09T00:00:00",
    "dateReserved": "2022-11-09T00:00:00",
    "dateUpdated": "2024-08-03T14:01:31.434Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-35252
Vulnerability from cvelistv5
Published
2022-09-23 00:00
Modified
2024-08-03 09:29
Severity ?
Summary
When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a"sister site" to deny service to all siblings.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T09:29:17.455Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://hackerone.com/reports/1613943"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220930-0005/"
          },
          {
            "name": "GLSA-202212-01",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202212-01"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT213603"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT213604"
          },
          {
            "name": "20230123 APPLE-SA-2023-01-23-5 macOS Monterey 12.6.3",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2023/Jan/20"
          },
          {
            "name": "20230123 APPLE-SA-2023-01-23-6 macOS Big Sur 11.7.3",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2023/Jan/21"
          },
          {
            "name": "[debian-lts-announce] 20230128 [SECURITY] [DLA 3288-1] curl security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "https://github.com/curl/curl",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Fixed in curl 7.85.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a\"sister site\" to deny service to all siblings."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "Improper Input Validation (CWE-20)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-01-28T00:00:00",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "url": "https://hackerone.com/reports/1613943"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20220930-0005/"
        },
        {
          "name": "GLSA-202212-01",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202212-01"
        },
        {
          "url": "https://support.apple.com/kb/HT213603"
        },
        {
          "url": "https://support.apple.com/kb/HT213604"
        },
        {
          "name": "20230123 APPLE-SA-2023-01-23-5 macOS Monterey 12.6.3",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2023/Jan/20"
        },
        {
          "name": "20230123 APPLE-SA-2023-01-23-6 macOS Big Sur 11.7.3",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2023/Jan/21"
        },
        {
          "name": "[debian-lts-announce] 20230128 [SECURITY] [DLA 3288-1] curl security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2022-35252",
    "datePublished": "2022-09-23T00:00:00",
    "dateReserved": "2022-07-06T00:00:00",
    "dateUpdated": "2024-08-03T09:29:17.455Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-10293
Vulnerability from cvelistv5
Published
2017-10-19 17:00
Modified
2024-10-04 16:54
Severity ?
Summary
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Javadoc). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).
References
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T17:33:17.017Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2017:3047",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3047"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "name": "RHSA-2017:3046",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3046"
          },
          {
            "name": "1039596",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039596"
          },
          {
            "name": "GLSA-201710-31",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201710-31"
          },
          {
            "name": "101338",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/101338"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20171019-0001/"
          },
          {
            "name": "RHSA-2017:2999",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2999"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2017-10293",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-04T15:45:35.807984Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-04T16:54:48.511Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 6u161"
            },
            {
              "status": "affected",
              "version": "7u151"
            },
            {
              "status": "affected",
              "version": "8u144"
            },
            {
              "status": "affected",
              "version": "9"
            }
          ]
        }
      ],
      "datePublic": "2017-10-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Javadoc). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Java SE.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Java SE accessible data as well as  unauthorized read access to a subset of Java SE accessible data.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-12-14T10:57:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "RHSA-2017:3047",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3047"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "name": "RHSA-2017:3046",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3046"
        },
        {
          "name": "1039596",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039596"
        },
        {
          "name": "GLSA-201710-31",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201710-31"
        },
        {
          "name": "101338",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/101338"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20171019-0001/"
        },
        {
          "name": "RHSA-2017:2999",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2999"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2017-10293",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 6u161"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7u151"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8u144"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "9"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Javadoc). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Java SE.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Java SE accessible data as well as  unauthorized read access to a subset of Java SE accessible data."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2017:3047",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3047"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
            },
            {
              "name": "RHSA-2017:3046",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3046"
            },
            {
              "name": "1039596",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039596"
            },
            {
              "name": "GLSA-201710-31",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201710-31"
            },
            {
              "name": "101338",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/101338"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20171019-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20171019-0001/"
            },
            {
              "name": "RHSA-2017:2999",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2999"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2017-10293",
    "datePublished": "2017-10-19T17:00:00",
    "dateReserved": "2017-06-21T00:00:00",
    "dateUpdated": "2024-10-04T16:54:48.511Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-32206
Vulnerability from cvelistv5
Published
2022-07-07 00:00
Modified
2024-08-03 07:32
Severity ?
Summary
curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a "malloc bomb", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T07:32:56.021Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://hackerone.com/reports/1570651"
          },
          {
            "name": "FEDORA-2022-1b3d7f6973",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/"
          },
          {
            "name": "DSA-5197",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5197"
          },
          {
            "name": "[debian-lts-announce] 20220828 [SECURITY] [DLA 3085-1] curl security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220915-0003/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT213488"
          },
          {
            "name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2022/Oct/41"
          },
          {
            "name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2022/Oct/28"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf"
          },
          {
            "name": "GLSA-202212-01",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202212-01"
          },
          {
            "name": "[oss-security] 20230215 curl: CVE-2023-23916: HTTP multi-header compression denial of service",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/02/15/3"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "https://github.com/curl/curl",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Fixed in 7.84.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "curl \u003c 7.84.0 supports \"chained\" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable \"links\" in this \"decompression chain\" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a \"malloc bomb\", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-770",
              "description": "Allocation of Resources Without Limits or Throttling (CWE-770)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-02-15T00:00:00",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "url": "https://hackerone.com/reports/1570651"
        },
        {
          "name": "FEDORA-2022-1b3d7f6973",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/"
        },
        {
          "name": "DSA-5197",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5197"
        },
        {
          "name": "[debian-lts-announce] 20220828 [SECURITY] [DLA 3085-1] curl security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20220915-0003/"
        },
        {
          "url": "https://support.apple.com/kb/HT213488"
        },
        {
          "name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2022/Oct/41"
        },
        {
          "name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2022/Oct/28"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf"
        },
        {
          "name": "GLSA-202212-01",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202212-01"
        },
        {
          "name": "[oss-security] 20230215 curl: CVE-2023-23916: HTTP multi-header compression denial of service",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2023/02/15/3"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2022-32206",
    "datePublished": "2022-07-07T00:00:00",
    "dateReserved": "2022-06-01T00:00:00",
    "dateUpdated": "2024-08-03T07:32:56.021Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-0201
Vulnerability from cvelistv5
Published
2019-05-23 13:42
Modified
2024-08-04 17:44
Severity ?
Summary
An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeeper’s getACL() command doesn’t check any permission when retrieves the ACLs of the requested node and returns all information contained in the ACL Id field as plaintext string. DigestAuthenticationProvider overloads the Id field with the hash value that is used for user authentication. As a consequence, if Digest Authentication is in use, the unsalted hash value will be disclosed by getACL() request for unauthenticated or unprivileged users.
References
http://www.securityfocus.com/bid/108427vdb-entry, x_refsource_BID
https://lists.debian.org/debian-lts-announce/2019/05/msg00033.htmlmailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/f6112882e30a31992a79e0a8c31ac179e9d0de7c708de3a9258d4391%40%3Cissues.bookkeeper.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/5d9a1cf41a5880557bf680b7321b4ab9a4d206c601ffb15fef6f196a%40%3Ccommits.accumulo.apache.org%3Emailing-list, x_refsource_MLIST
https://www.debian.org/security/2019/dsa-4461vendor-advisory, x_refsource_DEBIAN
https://seclists.org/bugtraq/2019/Jun/13mailing-list, x_refsource_BUGTRAQ
https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3Emailing-list, x_refsource_MLIST
https://access.redhat.com/errata/RHSA-2019:3140vendor-advisory, x_refsource_REDHAT
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3Emailing-list, x_refsource_MLIST
https://access.redhat.com/errata/RHSA-2019:3892vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:4352vendor-advisory, x_refsource_REDHAT
https://www.oracle.com/security-alerts/cpujul2020.htmlx_refsource_MISC
https://issues.apache.org/jira/browse/ZOOKEEPER-1392x_refsource_MISC
https://zookeeper.apache.org/security.html#CVE-2019-0201x_refsource_CONFIRM
https://security.netapp.com/advisory/ntap-20190619-0001/x_refsource_CONFIRM
https://www.oracle.com/security-alerts/cpuoct2020.htmlx_refsource_MISC
https://www.oracle.com//security-alerts/cpujul2021.htmlx_refsource_MISC
https://lists.apache.org/thread.html/r40f32125c1d97ad82404cc918171d9e0fcf78e534256674e9da1eb4b%40%3Ccommon-issues.hadoop.apache.org%3Emailing-list, x_refsource_MLIST
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:44:14.871Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "108427",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/108427"
          },
          {
            "name": "[debian-lts-announce] 20190524 [SECURITY] [DLA 1801-1] zookeeper security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00033.html"
          },
          {
            "name": "[bookkeeper-issues] 20190531 [GitHub] [bookkeeper] eolivelli opened a new issue #2106: Update ZookKeeper dependency to 3.5.5",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/f6112882e30a31992a79e0a8c31ac179e9d0de7c708de3a9258d4391%40%3Cissues.bookkeeper.apache.org%3E"
          },
          {
            "name": "[accumulo-commits] 20190605 [accumulo] branch 2.0 updated: Update ZooKeeper (CVE-2019-0201)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/5d9a1cf41a5880557bf680b7321b4ab9a4d206c601ffb15fef6f196a%40%3Ccommits.accumulo.apache.org%3E"
          },
          {
            "name": "DSA-4461",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2019/dsa-4461"
          },
          {
            "name": "20190612 [SECURITY] [DSA 4461-1] zookeeper security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Jun/13"
          },
          {
            "name": "[activemq-issues] 20190820 [jira] [Created] (AMQ-7279) Security Vulnerabilities in Libraries - jackson-databind-2.9.8.jar, tomcat-servlet-api-8.0.53.jar, tomcat-websocket-api-8.0.53.jar, zookeeper-3.4.6.jar, guava-18.0.jar, jetty-all-9.2.26.v20180806.jar, scala-library-2.11.0.jar",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E"
          },
          {
            "name": "RHSA-2019:3140",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3140"
          },
          {
            "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
          },
          {
            "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
          },
          {
            "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
          },
          {
            "name": "RHSA-2019:3892",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3892"
          },
          {
            "name": "RHSA-2019:4352",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:4352"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://issues.apache.org/jira/browse/ZOOKEEPER-1392"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://zookeeper.apache.org/security.html#CVE-2019-0201"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190619-0001/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          },
          {
            "name": "[hadoop-common-issues] 20210816 [GitHub] [hadoop] iwasakims opened a new pull request #3308: HADOOP-17850. Upgrade ZooKeeper to 3.4.14 in branch-3.2.",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r40f32125c1d97ad82404cc918171d9e0fcf78e534256674e9da1eb4b%40%3Ccommon-issues.hadoop.apache.org%3E"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apache ZooKeeper",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "status": "affected",
              "version": "1.0.0 to 3.4.13"
            },
            {
              "status": "affected",
              "version": "3.5.0-alpha to 3.5.4-beta"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeeper\u2019s getACL() command doesn\u2019t check any permission when retrieves the ACLs of the requested node and returns all information contained in the ACL Id field as plaintext string. DigestAuthenticationProvider overloads the Id field with the hash value that is used for user authentication. As a consequence, if Digest Authentication is in use, the unsalted hash value will be disclosed by getACL() request for unauthenticated or unprivileged users."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Information Disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-08-16T12:06:09",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "name": "108427",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/108427"
        },
        {
          "name": "[debian-lts-announce] 20190524 [SECURITY] [DLA 1801-1] zookeeper security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00033.html"
        },
        {
          "name": "[bookkeeper-issues] 20190531 [GitHub] [bookkeeper] eolivelli opened a new issue #2106: Update ZookKeeper dependency to 3.5.5",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/f6112882e30a31992a79e0a8c31ac179e9d0de7c708de3a9258d4391%40%3Cissues.bookkeeper.apache.org%3E"
        },
        {
          "name": "[accumulo-commits] 20190605 [accumulo] branch 2.0 updated: Update ZooKeeper (CVE-2019-0201)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/5d9a1cf41a5880557bf680b7321b4ab9a4d206c601ffb15fef6f196a%40%3Ccommits.accumulo.apache.org%3E"
        },
        {
          "name": "DSA-4461",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2019/dsa-4461"
        },
        {
          "name": "20190612 [SECURITY] [DSA 4461-1] zookeeper security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Jun/13"
        },
        {
          "name": "[activemq-issues] 20190820 [jira] [Created] (AMQ-7279) Security Vulnerabilities in Libraries - jackson-databind-2.9.8.jar, tomcat-servlet-api-8.0.53.jar, tomcat-websocket-api-8.0.53.jar, zookeeper-3.4.6.jar, guava-18.0.jar, jetty-all-9.2.26.v20180806.jar, scala-library-2.11.0.jar",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E"
        },
        {
          "name": "RHSA-2019:3140",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3140"
        },
        {
          "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
        },
        {
          "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
        },
        {
          "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
        },
        {
          "name": "RHSA-2019:3892",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3892"
        },
        {
          "name": "RHSA-2019:4352",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:4352"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://issues.apache.org/jira/browse/ZOOKEEPER-1392"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://zookeeper.apache.org/security.html#CVE-2019-0201"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20190619-0001/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
        },
        {
          "name": "[hadoop-common-issues] 20210816 [GitHub] [hadoop] iwasakims opened a new pull request #3308: HADOOP-17850. Upgrade ZooKeeper to 3.4.14 in branch-3.2.",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r40f32125c1d97ad82404cc918171d9e0fcf78e534256674e9da1eb4b%40%3Ccommon-issues.hadoop.apache.org%3E"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "ID": "CVE-2019-0201",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Apache ZooKeeper",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "1.0.0 to 3.4.13"
                          },
                          {
                            "version_value": "3.5.0-alpha to 3.5.4-beta"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apache Software Foundation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeeper\u2019s getACL() command doesn\u2019t check any permission when retrieves the ACLs of the requested node and returns all information contained in the ACL Id field as plaintext string. DigestAuthenticationProvider overloads the Id field with the hash value that is used for user authentication. As a consequence, if Digest Authentication is in use, the unsalted hash value will be disclosed by getACL() request for unauthenticated or unprivileged users."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Information Disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "108427",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/108427"
            },
            {
              "name": "[debian-lts-announce] 20190524 [SECURITY] [DLA 1801-1] zookeeper security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00033.html"
            },
            {
              "name": "[bookkeeper-issues] 20190531 [GitHub] [bookkeeper] eolivelli opened a new issue #2106: Update ZookKeeper dependency to 3.5.5",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/f6112882e30a31992a79e0a8c31ac179e9d0de7c708de3a9258d4391@%3Cissues.bookkeeper.apache.org%3E"
            },
            {
              "name": "[accumulo-commits] 20190605 [accumulo] branch 2.0 updated: Update ZooKeeper (CVE-2019-0201)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/5d9a1cf41a5880557bf680b7321b4ab9a4d206c601ffb15fef6f196a@%3Ccommits.accumulo.apache.org%3E"
            },
            {
              "name": "DSA-4461",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2019/dsa-4461"
            },
            {
              "name": "20190612 [SECURITY] [DSA 4461-1] zookeeper security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Jun/13"
            },
            {
              "name": "[activemq-issues] 20190820 [jira] [Created] (AMQ-7279) Security Vulnerabilities in Libraries - jackson-databind-2.9.8.jar, tomcat-servlet-api-8.0.53.jar, tomcat-websocket-api-8.0.53.jar, zookeeper-3.4.6.jar, guava-18.0.jar, jetty-all-9.2.26.v20180806.jar, scala-library-2.11.0.jar",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272@%3Cissues.activemq.apache.org%3E"
            },
            {
              "name": "RHSA-2019:3140",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3140"
            },
            {
              "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E"
            },
            {
              "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E"
            },
            {
              "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E"
            },
            {
              "name": "RHSA-2019:3892",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3892"
            },
            {
              "name": "RHSA-2019:4352",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:4352"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://issues.apache.org/jira/browse/ZOOKEEPER-1392",
              "refsource": "MISC",
              "url": "https://issues.apache.org/jira/browse/ZOOKEEPER-1392"
            },
            {
              "name": "https://zookeeper.apache.org/security.html#CVE-2019-0201",
              "refsource": "CONFIRM",
              "url": "https://zookeeper.apache.org/security.html#CVE-2019-0201"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20190619-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20190619-0001/"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
              "name": "[hadoop-common-issues] 20210816 [GitHub] [hadoop] iwasakims opened a new pull request #3308: HADOOP-17850. Upgrade ZooKeeper to 3.4.14 in branch-3.2.",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r40f32125c1d97ad82404cc918171d9e0fcf78e534256674e9da1eb4b@%3Ccommon-issues.hadoop.apache.org%3E"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2019-0201",
    "datePublished": "2019-05-23T13:42:47",
    "dateReserved": "2018-11-14T00:00:00",
    "dateUpdated": "2024-08-04T17:44:14.871Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-6485
Vulnerability from cvelistv5
Published
2018-02-01 14:00
Modified
2024-08-05 06:01
Severity ?
Summary
An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:01:49.264Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22343"
          },
          {
            "name": "102912",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102912"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.debian.org/878159"
          },
          {
            "name": "RHSA-2018:3092",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3092"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190404-0003/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
          },
          {
            "name": "RHBA-2019:0327",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHBA-2019:0327"
          },
          {
            "name": "USN-4218-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4218-1/"
          },
          {
            "name": "USN-4416-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4416-1/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-02-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-09T19:06:06",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22343"
        },
        {
          "name": "102912",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102912"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.debian.org/878159"
        },
        {
          "name": "RHSA-2018:3092",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3092"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20190404-0003/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
        },
        {
          "name": "RHBA-2019:0327",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHBA-2019:0327"
        },
        {
          "name": "USN-4218-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4218-1/"
        },
        {
          "name": "USN-4416-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4416-1/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-6485",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=22343",
              "refsource": "CONFIRM",
              "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22343"
            },
            {
              "name": "102912",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/102912"
            },
            {
              "name": "http://bugs.debian.org/878159",
              "refsource": "CONFIRM",
              "url": "http://bugs.debian.org/878159"
            },
            {
              "name": "RHSA-2018:3092",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3092"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20190404-0003/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20190404-0003/"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
            },
            {
              "name": "RHBA-2019:0327",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHBA-2019:0327"
            },
            {
              "name": "USN-4218-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4218-1/"
            },
            {
              "name": "USN-4416-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4416-1/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-6485",
    "datePublished": "2018-02-01T14:00:00",
    "dateReserved": "2018-02-01T00:00:00",
    "dateUpdated": "2024-08-05T06:01:49.264Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-10105
Vulnerability from cvelistv5
Published
2017-08-08 15:00
Modified
2024-10-04 19:03
Severity ?
Summary
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N).
References
https://access.redhat.com/errata/RHSA-2017:1791vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:1790vendor-advisory, x_refsource_REDHAT
https://security.netapp.com/advisory/ntap-20170720-0001/x_refsource_CONFIRM
http://www.securitytracker.com/id/1038931vdb-entry, x_refsource_SECTRACK
https://access.redhat.com/errata/RHSA-2017:1792vendor-advisory, x_refsource_REDHAT
https://security.gentoo.org/glsa/201709-22vendor-advisory, x_refsource_GENTOO
https://access.redhat.com/errata/RHSA-2017:2481vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:2530vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:3453vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:2469vendor-advisory, x_refsource_REDHAT
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlx_refsource_CONFIRM
http://www.securityfocus.com/bid/99851vdb-entry, x_refsource_BID
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T17:33:15.041Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2017:1791",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1791"
          },
          {
            "name": "RHSA-2017:1790",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1790"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
          },
          {
            "name": "1038931",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038931"
          },
          {
            "name": "RHSA-2017:1792",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1792"
          },
          {
            "name": "GLSA-201709-22",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201709-22"
          },
          {
            "name": "RHSA-2017:2481",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2481"
          },
          {
            "name": "RHSA-2017:2530",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2530"
          },
          {
            "name": "RHSA-2017:3453",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3453"
          },
          {
            "name": "RHSA-2017:2469",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2469"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
          },
          {
            "name": "99851",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/99851"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2017-10105",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-04T15:52:08.762560Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-04T19:03:46.554Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 6u151"
            },
            {
              "status": "affected",
              "version": "7u141"
            },
            {
              "status": "affected",
              "version": "8u131"
            }
          ]
        }
      ],
      "datePublic": "2017-07-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE.  Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Java SE accessible data.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "RHSA-2017:1791",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1791"
        },
        {
          "name": "RHSA-2017:1790",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1790"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
        },
        {
          "name": "1038931",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038931"
        },
        {
          "name": "RHSA-2017:1792",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1792"
        },
        {
          "name": "GLSA-201709-22",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201709-22"
        },
        {
          "name": "RHSA-2017:2481",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2481"
        },
        {
          "name": "RHSA-2017:2530",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2530"
        },
        {
          "name": "RHSA-2017:3453",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3453"
        },
        {
          "name": "RHSA-2017:2469",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2469"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
        },
        {
          "name": "99851",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/99851"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2017-10105",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 6u151"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7u141"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8u131"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE.  Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Java SE accessible data."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2017:1791",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1791"
            },
            {
              "name": "RHSA-2017:1790",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1790"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20170720-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
            },
            {
              "name": "1038931",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038931"
            },
            {
              "name": "RHSA-2017:1792",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1792"
            },
            {
              "name": "GLSA-201709-22",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201709-22"
            },
            {
              "name": "RHSA-2017:2481",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2481"
            },
            {
              "name": "RHSA-2017:2530",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2530"
            },
            {
              "name": "RHSA-2017:3453",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3453"
            },
            {
              "name": "RHSA-2017:2469",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2469"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
            },
            {
              "name": "99851",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/99851"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2017-10105",
    "datePublished": "2017-08-08T15:00:00",
    "dateReserved": "2017-06-21T00:00:00",
    "dateUpdated": "2024-10-04T19:03:46.554Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-10111
Vulnerability from cvelistv5
Published
2017-08-08 15:00
Modified
2024-10-04 19:02
Severity ?
Summary
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). The supported version that is affected is Java SE: 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).
References
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T17:33:16.471Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2017:1790",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1790"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
          },
          {
            "name": "RHSA-2017:1789",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1789"
          },
          {
            "name": "1038931",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038931"
          },
          {
            "name": "GLSA-201709-22",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201709-22"
          },
          {
            "name": "99707",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/99707"
          },
          {
            "name": "DSA-3919",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3919"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2017-10111",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-04T15:39:28.125918Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-04T19:02:59.127Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 8u131; Java SE Embedded: 8u131"
            }
          ]
        }
      ],
      "datePublic": "2017-07-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). The supported version that is affected is Java SE: 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "RHSA-2017:1790",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1790"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
        },
        {
          "name": "RHSA-2017:1789",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1789"
        },
        {
          "name": "1038931",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038931"
        },
        {
          "name": "GLSA-201709-22",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201709-22"
        },
        {
          "name": "99707",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/99707"
        },
        {
          "name": "DSA-3919",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3919"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2017-10111",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 8u131; Java SE Embedded: 8u131"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). The supported version that is affected is Java SE: 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2017:1790",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1790"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20170720-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
            },
            {
              "name": "RHSA-2017:1789",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1789"
            },
            {
              "name": "1038931",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038931"
            },
            {
              "name": "GLSA-201709-22",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201709-22"
            },
            {
              "name": "99707",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/99707"
            },
            {
              "name": "DSA-3919",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3919"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2017-10111",
    "datePublished": "2017-08-08T15:00:00",
    "dateReserved": "2017-06-21T00:00:00",
    "dateUpdated": "2024-10-04T19:02:59.127Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-10346
Vulnerability from cvelistv5
Published
2017-10-19 17:00
Modified
2024-10-04 16:49
Severity ?
Summary
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).
References
https://access.redhat.com/errata/RHSA-2017:3047vendor-advisory, x_refsource_REDHAT
https://security.gentoo.org/glsa/201711-14vendor-advisory, x_refsource_GENTOO
https://www.synology.com/support/security/Synology_SA_17_66_OpenJDKx_refsource_CONFIRM
https://www.debian.org/security/2017/dsa-4015vendor-advisory, x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2017:3267vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:2998vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:3268vendor-advisory, x_refsource_REDHAT
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlx_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2017:3046vendor-advisory, x_refsource_REDHAT
http://www.securitytracker.com/id/1039596vdb-entry, x_refsource_SECTRACK
https://security.gentoo.org/glsa/201710-31vendor-advisory, x_refsource_GENTOO
https://access.redhat.com/errata/RHSA-2017:3264vendor-advisory, x_refsource_REDHAT
https://www.debian.org/security/2017/dsa-4048vendor-advisory, x_refsource_DEBIAN
http://www.securityfocus.com/bid/101315vdb-entry, x_refsource_BID
https://access.redhat.com/errata/RHSA-2017:3453vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:3392vendor-advisory, x_refsource_REDHAT
https://lists.debian.org/debian-lts-announce/2017/11/msg00033.htmlmailing-list, x_refsource_MLIST
https://security.netapp.com/advisory/ntap-20171019-0001/x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2017:2999vendor-advisory, x_refsource_REDHAT
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T17:41:54.607Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2017:3047",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3047"
          },
          {
            "name": "GLSA-201711-14",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201711-14"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.synology.com/support/security/Synology_SA_17_66_OpenJDK"
          },
          {
            "name": "DSA-4015",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2017/dsa-4015"
          },
          {
            "name": "RHSA-2017:3267",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3267"
          },
          {
            "name": "RHSA-2017:2998",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2998"
          },
          {
            "name": "RHSA-2017:3268",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3268"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "name": "RHSA-2017:3046",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3046"
          },
          {
            "name": "1039596",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039596"
          },
          {
            "name": "GLSA-201710-31",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201710-31"
          },
          {
            "name": "RHSA-2017:3264",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3264"
          },
          {
            "name": "DSA-4048",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2017/dsa-4048"
          },
          {
            "name": "101315",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/101315"
          },
          {
            "name": "RHSA-2017:3453",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3453"
          },
          {
            "name": "RHSA-2017:3392",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3392"
          },
          {
            "name": "[debian-lts-announce] 20171123 [SECURITY] [DLA 1187-1] openjdk-7 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20171019-0001/"
          },
          {
            "name": "RHSA-2017:2999",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2999"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2017-10346",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-04T15:38:59.769224Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-04T16:49:31.398Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 6u161"
            },
            {
              "status": "affected",
              "version": "7u151"
            },
            {
              "status": "affected",
              "version": "8u144"
            },
            {
              "status": "affected",
              "version": "9; Java SE Embedded: 8u144"
            }
          ]
        }
      ],
      "datePublic": "2017-10-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-02-02T10:57:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "RHSA-2017:3047",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3047"
        },
        {
          "name": "GLSA-201711-14",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201711-14"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.synology.com/support/security/Synology_SA_17_66_OpenJDK"
        },
        {
          "name": "DSA-4015",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2017/dsa-4015"
        },
        {
          "name": "RHSA-2017:3267",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3267"
        },
        {
          "name": "RHSA-2017:2998",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2998"
        },
        {
          "name": "RHSA-2017:3268",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3268"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "name": "RHSA-2017:3046",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3046"
        },
        {
          "name": "1039596",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039596"
        },
        {
          "name": "GLSA-201710-31",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201710-31"
        },
        {
          "name": "RHSA-2017:3264",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3264"
        },
        {
          "name": "DSA-4048",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2017/dsa-4048"
        },
        {
          "name": "101315",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/101315"
        },
        {
          "name": "RHSA-2017:3453",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3453"
        },
        {
          "name": "RHSA-2017:3392",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3392"
        },
        {
          "name": "[debian-lts-announce] 20171123 [SECURITY] [DLA 1187-1] openjdk-7 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20171019-0001/"
        },
        {
          "name": "RHSA-2017:2999",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2999"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2017-10346",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 6u161"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7u151"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8u144"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "9; Java SE Embedded: 8u144"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2017:3047",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3047"
            },
            {
              "name": "GLSA-201711-14",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201711-14"
            },
            {
              "name": "https://www.synology.com/support/security/Synology_SA_17_66_OpenJDK",
              "refsource": "CONFIRM",
              "url": "https://www.synology.com/support/security/Synology_SA_17_66_OpenJDK"
            },
            {
              "name": "DSA-4015",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2017/dsa-4015"
            },
            {
              "name": "RHSA-2017:3267",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3267"
            },
            {
              "name": "RHSA-2017:2998",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2998"
            },
            {
              "name": "RHSA-2017:3268",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3268"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
            },
            {
              "name": "RHSA-2017:3046",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3046"
            },
            {
              "name": "1039596",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039596"
            },
            {
              "name": "GLSA-201710-31",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201710-31"
            },
            {
              "name": "RHSA-2017:3264",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3264"
            },
            {
              "name": "DSA-4048",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2017/dsa-4048"
            },
            {
              "name": "101315",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/101315"
            },
            {
              "name": "RHSA-2017:3453",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3453"
            },
            {
              "name": "RHSA-2017:3392",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3392"
            },
            {
              "name": "[debian-lts-announce] 20171123 [SECURITY] [DLA 1187-1] openjdk-7 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20171019-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20171019-0001/"
            },
            {
              "name": "RHSA-2017:2999",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2999"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2017-10346",
    "datePublished": "2017-10-19T17:00:00",
    "dateReserved": "2017-06-21T00:00:00",
    "dateUpdated": "2024-10-04T16:49:31.398Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-21443
Vulnerability from cvelistv5
Published
2022-04-19 20:37
Modified
2024-08-03 02:38
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-21443",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-24T15:31:25.581438Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-24T15:31:36.356Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T02:38:56.379Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220429-0006/"
          },
          {
            "name": "DSA-5128",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5128"
          },
          {
            "name": "DSA-5131",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5131"
          },
          {
            "name": "[debian-lts-announce] 20220514 [SECURITY] [DLA 3006-1] openjdk-8 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java SE JDK and JRE",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Oracle Java SE:7u331"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:8u321"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:11.0.14"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:17.0.2"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:18"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:20.3.5"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:21.3.1"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:22.0.0.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-21T19:06:38.587068",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20220429-0006/"
        },
        {
          "name": "DSA-5128",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5128"
        },
        {
          "name": "DSA-5131",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5131"
        },
        {
          "name": "[debian-lts-announce] 20220514 [SECURITY] [DLA 3006-1] openjdk-8 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2022-21443",
    "datePublished": "2022-04-19T20:37:30",
    "dateReserved": "2021-11-15T00:00:00",
    "dateUpdated": "2024-08-03T02:38:56.379Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-10053
Vulnerability from cvelistv5
Published
2017-08-08 15:00
Modified
2024-10-04 19:09
Severity ?
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
http://www.securityfocus.com/bid/99842vdb-entry, x_refsource_BID
https://access.redhat.com/errata/RHSA-2017:1791vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:1790vendor-advisory, x_refsource_REDHAT
https://security.netapp.com/advisory/ntap-20170720-0001/x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2017:1789vendor-advisory, x_refsource_REDHAT
https://cert.vde.com/en-us/advisories/vde-2017-002x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2017:2424vendor-advisory, x_refsource_REDHAT
http://www.securitytracker.com/id/1038931vdb-entry, x_refsource_SECTRACK
https://access.redhat.com/errata/RHSA-2017:1792vendor-advisory, x_refsource_REDHAT
https://security.gentoo.org/glsa/201709-22vendor-advisory, x_refsource_GENTOO
http://www.debian.org/security/2017/dsa-3919vendor-advisory, x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2017:2481vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:2530vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:3453vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:2469vendor-advisory, x_refsource_REDHAT
http://www.debian.org/security/2017/dsa-3954vendor-advisory, x_refsource_DEBIAN
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlx_refsource_CONFIRM
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T17:25:00.868Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "99842",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/99842"
          },
          {
            "name": "RHSA-2017:1791",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1791"
          },
          {
            "name": "RHSA-2017:1790",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1790"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
          },
          {
            "name": "RHSA-2017:1789",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1789"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert.vde.com/en-us/advisories/vde-2017-002"
          },
          {
            "name": "RHSA-2017:2424",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2424"
          },
          {
            "name": "1038931",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038931"
          },
          {
            "name": "RHSA-2017:1792",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1792"
          },
          {
            "name": "GLSA-201709-22",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201709-22"
          },
          {
            "name": "DSA-3919",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3919"
          },
          {
            "name": "RHSA-2017:2481",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2481"
          },
          {
            "name": "RHSA-2017:2530",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2530"
          },
          {
            "name": "RHSA-2017:3453",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3453"
          },
          {
            "name": "RHSA-2017:2469",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2469"
          },
          {
            "name": "DSA-3954",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3954"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2017-10053",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-04T15:36:58.301283Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-04T19:09:18.724Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 6u151"
            },
            {
              "status": "affected",
              "version": "7u141"
            },
            {
              "status": "affected",
              "version": "8u131; Java SE Embedded: 8u131; JRockit: R28.3.14"
            }
          ]
        }
      ],
      "datePublic": "2017-07-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-05-16T13:57:02",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "99842",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/99842"
        },
        {
          "name": "RHSA-2017:1791",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1791"
        },
        {
          "name": "RHSA-2017:1790",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1790"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
        },
        {
          "name": "RHSA-2017:1789",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1789"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert.vde.com/en-us/advisories/vde-2017-002"
        },
        {
          "name": "RHSA-2017:2424",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2424"
        },
        {
          "name": "1038931",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038931"
        },
        {
          "name": "RHSA-2017:1792",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1792"
        },
        {
          "name": "GLSA-201709-22",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201709-22"
        },
        {
          "name": "DSA-3919",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3919"
        },
        {
          "name": "RHSA-2017:2481",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2481"
        },
        {
          "name": "RHSA-2017:2530",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2530"
        },
        {
          "name": "RHSA-2017:3453",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3453"
        },
        {
          "name": "RHSA-2017:2469",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2469"
        },
        {
          "name": "DSA-3954",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3954"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2017-10053",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 6u151"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7u141"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8u131; Java SE Embedded: 8u131; JRockit: R28.3.14"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "99842",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/99842"
            },
            {
              "name": "RHSA-2017:1791",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1791"
            },
            {
              "name": "RHSA-2017:1790",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1790"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20170720-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
            },
            {
              "name": "RHSA-2017:1789",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1789"
            },
            {
              "name": "https://cert.vde.com/en-us/advisories/vde-2017-002",
              "refsource": "CONFIRM",
              "url": "https://cert.vde.com/en-us/advisories/vde-2017-002"
            },
            {
              "name": "RHSA-2017:2424",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2424"
            },
            {
              "name": "1038931",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038931"
            },
            {
              "name": "RHSA-2017:1792",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1792"
            },
            {
              "name": "GLSA-201709-22",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201709-22"
            },
            {
              "name": "DSA-3919",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3919"
            },
            {
              "name": "RHSA-2017:2481",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2481"
            },
            {
              "name": "RHSA-2017:2530",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2530"
            },
            {
              "name": "RHSA-2017:3453",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3453"
            },
            {
              "name": "RHSA-2017:2469",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2469"
            },
            {
              "name": "DSA-3954",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3954"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2017-10053",
    "datePublished": "2017-08-08T15:00:00",
    "dateReserved": "2017-06-21T00:00:00",
    "dateUpdated": "2024-10-04T19:09:18.724Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-10096
Vulnerability from cvelistv5
Published
2017-08-08 15:00
Modified
2024-10-04 19:04
Severity ?
Summary
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).
References
https://access.redhat.com/errata/RHSA-2017:1791vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:1790vendor-advisory, x_refsource_REDHAT
https://security.netapp.com/advisory/ntap-20170720-0001/x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2017:1789vendor-advisory, x_refsource_REDHAT
http://www.securityfocus.com/bid/99670vdb-entry, x_refsource_BID
https://access.redhat.com/errata/RHSA-2017:2424vendor-advisory, x_refsource_REDHAT
http://www.securitytracker.com/id/1038931vdb-entry, x_refsource_SECTRACK
https://access.redhat.com/errata/RHSA-2017:1792vendor-advisory, x_refsource_REDHAT
https://security.gentoo.org/glsa/201709-22vendor-advisory, x_refsource_GENTOO
http://www.debian.org/security/2017/dsa-3919vendor-advisory, x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2017:2481vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:2530vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:3453vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:2469vendor-advisory, x_refsource_REDHAT
http://www.debian.org/security/2017/dsa-3954vendor-advisory, x_refsource_DEBIAN
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlx_refsource_CONFIRM
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T17:33:15.075Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2017:1791",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1791"
          },
          {
            "name": "RHSA-2017:1790",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1790"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
          },
          {
            "name": "RHSA-2017:1789",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1789"
          },
          {
            "name": "99670",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/99670"
          },
          {
            "name": "RHSA-2017:2424",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2424"
          },
          {
            "name": "1038931",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038931"
          },
          {
            "name": "RHSA-2017:1792",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1792"
          },
          {
            "name": "GLSA-201709-22",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201709-22"
          },
          {
            "name": "DSA-3919",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3919"
          },
          {
            "name": "RHSA-2017:2481",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2481"
          },
          {
            "name": "RHSA-2017:2530",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2530"
          },
          {
            "name": "RHSA-2017:3453",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3453"
          },
          {
            "name": "RHSA-2017:2469",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2469"
          },
          {
            "name": "DSA-3954",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3954"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2017-10096",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-04T15:39:38.743876Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-04T19:04:39.770Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 6u151"
            },
            {
              "status": "affected",
              "version": "7u141"
            },
            {
              "status": "affected",
              "version": "8u131; Java SE Embedded: 8u131"
            }
          ]
        }
      ],
      "datePublic": "2017-07-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "RHSA-2017:1791",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1791"
        },
        {
          "name": "RHSA-2017:1790",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1790"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
        },
        {
          "name": "RHSA-2017:1789",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1789"
        },
        {
          "name": "99670",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/99670"
        },
        {
          "name": "RHSA-2017:2424",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2424"
        },
        {
          "name": "1038931",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038931"
        },
        {
          "name": "RHSA-2017:1792",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1792"
        },
        {
          "name": "GLSA-201709-22",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201709-22"
        },
        {
          "name": "DSA-3919",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3919"
        },
        {
          "name": "RHSA-2017:2481",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2481"
        },
        {
          "name": "RHSA-2017:2530",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2530"
        },
        {
          "name": "RHSA-2017:3453",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3453"
        },
        {
          "name": "RHSA-2017:2469",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2469"
        },
        {
          "name": "DSA-3954",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3954"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2017-10096",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 6u151"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7u141"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8u131; Java SE Embedded: 8u131"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2017:1791",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1791"
            },
            {
              "name": "RHSA-2017:1790",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1790"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20170720-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
            },
            {
              "name": "RHSA-2017:1789",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1789"
            },
            {
              "name": "99670",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/99670"
            },
            {
              "name": "RHSA-2017:2424",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2424"
            },
            {
              "name": "1038931",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038931"
            },
            {
              "name": "RHSA-2017:1792",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1792"
            },
            {
              "name": "GLSA-201709-22",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201709-22"
            },
            {
              "name": "DSA-3919",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3919"
            },
            {
              "name": "RHSA-2017:2481",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2481"
            },
            {
              "name": "RHSA-2017:2530",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2530"
            },
            {
              "name": "RHSA-2017:3453",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3453"
            },
            {
              "name": "RHSA-2017:2469",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2469"
            },
            {
              "name": "DSA-3954",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3954"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2017-10096",
    "datePublished": "2017-08-08T15:00:00",
    "dateReserved": "2017-06-21T00:00:00",
    "dateUpdated": "2024-10-04T19:04:39.770Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-6109
Vulnerability from cvelistv5
Published
2019-01-31 00:00
Modified
2024-08-04 20:16
Severity ?
Summary
An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This affects refresh_progress_meter() in progressmeter.c.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T20:16:24.501Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-4387",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2019/dsa-4387"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190213-0001/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c"
          },
          {
            "name": "USN-3885-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3885-1/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cvsweb.openbsd.org/src/usr.bin/ssh/progressmeter.c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt"
          },
          {
            "name": "GLSA-201903-16",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201903-16"
          },
          {
            "name": "[debian-lts-announce] 20190325 [SECURITY] [DLA 1728-1] openssh security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html"
          },
          {
            "name": "FEDORA-2019-0f4190cdb0",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W3YVQ2BPTOVDCFDVNC2GGF5P5ISFG37G/"
          },
          {
            "name": "openSUSE-SU-2019:1602",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00058.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
          },
          {
            "name": "RHSA-2019:3702",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3702"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2019-01-31T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This affects refresh_progress_meter() in progressmeter.c."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "DSA-4387",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2019/dsa-4387"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20190213-0001/"
        },
        {
          "url": "https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c"
        },
        {
          "name": "USN-3885-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://usn.ubuntu.com/3885-1/"
        },
        {
          "url": "https://cvsweb.openbsd.org/src/usr.bin/ssh/progressmeter.c"
        },
        {
          "url": "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt"
        },
        {
          "name": "GLSA-201903-16",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/201903-16"
        },
        {
          "name": "[debian-lts-announce] 20190325 [SECURITY] [DLA 1728-1] openssh security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html"
        },
        {
          "name": "FEDORA-2019-0f4190cdb0",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W3YVQ2BPTOVDCFDVNC2GGF5P5ISFG37G/"
        },
        {
          "name": "openSUSE-SU-2019:1602",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00058.html"
        },
        {
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
        },
        {
          "name": "RHSA-2019:3702",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3702"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-6109",
    "datePublished": "2019-01-31T00:00:00",
    "dateReserved": "2019-01-10T00:00:00",
    "dateUpdated": "2024-08-04T20:16:24.501Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-10109
Vulnerability from cvelistv5
Published
2017-08-08 15:00
Modified
2024-10-04 19:03
Severity ?
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
https://access.redhat.com/errata/RHSA-2017:1791vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:1790vendor-advisory, x_refsource_REDHAT
https://security.netapp.com/advisory/ntap-20170720-0001/x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2017:1789vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:2424vendor-advisory, x_refsource_REDHAT
http://www.securityfocus.com/bid/99847vdb-entry, x_refsource_BID
http://www.securitytracker.com/id/1038931vdb-entry, x_refsource_SECTRACK
https://access.redhat.com/errata/RHSA-2017:1792vendor-advisory, x_refsource_REDHAT
https://security.gentoo.org/glsa/201709-22vendor-advisory, x_refsource_GENTOO
http://www.debian.org/security/2017/dsa-3919vendor-advisory, x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2017:2481vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:2530vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:3453vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:2469vendor-advisory, x_refsource_REDHAT
http://www.debian.org/security/2017/dsa-3954vendor-advisory, x_refsource_DEBIAN
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlx_refsource_CONFIRM
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T17:33:16.701Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2017:1791",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1791"
          },
          {
            "name": "RHSA-2017:1790",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1790"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
          },
          {
            "name": "RHSA-2017:1789",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1789"
          },
          {
            "name": "RHSA-2017:2424",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2424"
          },
          {
            "name": "99847",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/99847"
          },
          {
            "name": "1038931",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038931"
          },
          {
            "name": "RHSA-2017:1792",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1792"
          },
          {
            "name": "GLSA-201709-22",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201709-22"
          },
          {
            "name": "DSA-3919",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3919"
          },
          {
            "name": "RHSA-2017:2481",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2481"
          },
          {
            "name": "RHSA-2017:2530",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2530"
          },
          {
            "name": "RHSA-2017:3453",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3453"
          },
          {
            "name": "RHSA-2017:2469",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2469"
          },
          {
            "name": "DSA-3954",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3954"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2017-10109",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-04T15:36:49.347638Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-04T19:03:14.843Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 6u151"
            },
            {
              "status": "affected",
              "version": "7u141"
            },
            {
              "status": "affected",
              "version": "8u131; Java SE Embedded: 8u131; JRockit: R28.3.14"
            }
          ]
        }
      ],
      "datePublic": "2017-07-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "RHSA-2017:1791",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1791"
        },
        {
          "name": "RHSA-2017:1790",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1790"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
        },
        {
          "name": "RHSA-2017:1789",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1789"
        },
        {
          "name": "RHSA-2017:2424",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2424"
        },
        {
          "name": "99847",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/99847"
        },
        {
          "name": "1038931",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038931"
        },
        {
          "name": "RHSA-2017:1792",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1792"
        },
        {
          "name": "GLSA-201709-22",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201709-22"
        },
        {
          "name": "DSA-3919",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3919"
        },
        {
          "name": "RHSA-2017:2481",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2481"
        },
        {
          "name": "RHSA-2017:2530",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2530"
        },
        {
          "name": "RHSA-2017:3453",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3453"
        },
        {
          "name": "RHSA-2017:2469",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2469"
        },
        {
          "name": "DSA-3954",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3954"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2017-10109",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 6u151"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7u141"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8u131; Java SE Embedded: 8u131; JRockit: R28.3.14"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2017:1791",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1791"
            },
            {
              "name": "RHSA-2017:1790",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1790"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20170720-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
            },
            {
              "name": "RHSA-2017:1789",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1789"
            },
            {
              "name": "RHSA-2017:2424",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2424"
            },
            {
              "name": "99847",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/99847"
            },
            {
              "name": "1038931",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038931"
            },
            {
              "name": "RHSA-2017:1792",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1792"
            },
            {
              "name": "GLSA-201709-22",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201709-22"
            },
            {
              "name": "DSA-3919",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3919"
            },
            {
              "name": "RHSA-2017:2481",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2481"
            },
            {
              "name": "RHSA-2017:2530",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2530"
            },
            {
              "name": "RHSA-2017:3453",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3453"
            },
            {
              "name": "RHSA-2017:2469",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2469"
            },
            {
              "name": "DSA-3954",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3954"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2017-10109",
    "datePublished": "2017-08-08T15:00:00",
    "dateReserved": "2017-06-21T00:00:00",
    "dateUpdated": "2024-10-04T19:03:14.843Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-10087
Vulnerability from cvelistv5
Published
2017-08-08 15:00
Modified
2024-10-04 19:05
Severity ?
Summary
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).
References
https://access.redhat.com/errata/RHSA-2017:1791vendor-advisory, x_refsource_REDHAT
http://www.securityfocus.com/bid/99703vdb-entry, x_refsource_BID
https://access.redhat.com/errata/RHSA-2017:1790vendor-advisory, x_refsource_REDHAT
https://security.netapp.com/advisory/ntap-20170720-0001/x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2017:1789vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:2424vendor-advisory, x_refsource_REDHAT
http://www.securitytracker.com/id/1038931vdb-entry, x_refsource_SECTRACK
https://access.redhat.com/errata/RHSA-2017:1792vendor-advisory, x_refsource_REDHAT
https://security.gentoo.org/glsa/201709-22vendor-advisory, x_refsource_GENTOO
http://www.debian.org/security/2017/dsa-3919vendor-advisory, x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2017:2481vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:2530vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:3453vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:2469vendor-advisory, x_refsource_REDHAT
http://www.debian.org/security/2017/dsa-3954vendor-advisory, x_refsource_DEBIAN
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlx_refsource_CONFIRM
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T17:25:00.925Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2017:1791",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1791"
          },
          {
            "name": "99703",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/99703"
          },
          {
            "name": "RHSA-2017:1790",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1790"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
          },
          {
            "name": "RHSA-2017:1789",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1789"
          },
          {
            "name": "RHSA-2017:2424",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2424"
          },
          {
            "name": "1038931",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038931"
          },
          {
            "name": "RHSA-2017:1792",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1792"
          },
          {
            "name": "GLSA-201709-22",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201709-22"
          },
          {
            "name": "DSA-3919",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3919"
          },
          {
            "name": "RHSA-2017:2481",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2481"
          },
          {
            "name": "RHSA-2017:2530",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2530"
          },
          {
            "name": "RHSA-2017:3453",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3453"
          },
          {
            "name": "RHSA-2017:2469",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2469"
          },
          {
            "name": "DSA-3954",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3954"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2017-10087",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-04T15:39:47.360248Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-04T19:05:39.688Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 6u151"
            },
            {
              "status": "affected",
              "version": "7u141"
            },
            {
              "status": "affected",
              "version": "8u131; Java SE Embedded: 8u131"
            }
          ]
        }
      ],
      "datePublic": "2017-07-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "RHSA-2017:1791",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1791"
        },
        {
          "name": "99703",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/99703"
        },
        {
          "name": "RHSA-2017:1790",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1790"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
        },
        {
          "name": "RHSA-2017:1789",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1789"
        },
        {
          "name": "RHSA-2017:2424",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2424"
        },
        {
          "name": "1038931",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038931"
        },
        {
          "name": "RHSA-2017:1792",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1792"
        },
        {
          "name": "GLSA-201709-22",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201709-22"
        },
        {
          "name": "DSA-3919",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3919"
        },
        {
          "name": "RHSA-2017:2481",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2481"
        },
        {
          "name": "RHSA-2017:2530",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2530"
        },
        {
          "name": "RHSA-2017:3453",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3453"
        },
        {
          "name": "RHSA-2017:2469",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2469"
        },
        {
          "name": "DSA-3954",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3954"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2017-10087",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 6u151"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7u141"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8u131; Java SE Embedded: 8u131"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2017:1791",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1791"
            },
            {
              "name": "99703",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/99703"
            },
            {
              "name": "RHSA-2017:1790",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1790"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20170720-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
            },
            {
              "name": "RHSA-2017:1789",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1789"
            },
            {
              "name": "RHSA-2017:2424",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2424"
            },
            {
              "name": "1038931",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038931"
            },
            {
              "name": "RHSA-2017:1792",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1792"
            },
            {
              "name": "GLSA-201709-22",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201709-22"
            },
            {
              "name": "DSA-3919",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3919"
            },
            {
              "name": "RHSA-2017:2481",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2481"
            },
            {
              "name": "RHSA-2017:2530",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2530"
            },
            {
              "name": "RHSA-2017:3453",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3453"
            },
            {
              "name": "RHSA-2017:2469",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2469"
            },
            {
              "name": "DSA-3954",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3954"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2017-10087",
    "datePublished": "2017-08-08T15:00:00",
    "dateReserved": "2017-06-21T00:00:00",
    "dateUpdated": "2024-10-04T19:05:39.688Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-10345
Vulnerability from cvelistv5
Published
2017-10-19 17:00
Modified
2024-10-04 16:49
Severity ?
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L).
References
http://www.securityfocus.com/bid/101396vdb-entry, x_refsource_BID
https://access.redhat.com/errata/RHSA-2017:3047vendor-advisory, x_refsource_REDHAT
https://security.gentoo.org/glsa/201711-14vendor-advisory, x_refsource_GENTOO
https://www.debian.org/security/2017/dsa-4015vendor-advisory, x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2017:3267vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:2998vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:3268vendor-advisory, x_refsource_REDHAT
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlx_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2017:3046vendor-advisory, x_refsource_REDHAT
http://www.securitytracker.com/id/1039596vdb-entry, x_refsource_SECTRACK
https://security.gentoo.org/glsa/201710-31vendor-advisory, x_refsource_GENTOO
https://access.redhat.com/errata/RHSA-2017:3264vendor-advisory, x_refsource_REDHAT
https://www.debian.org/security/2017/dsa-4048vendor-advisory, x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2017:3453vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:3392vendor-advisory, x_refsource_REDHAT
https://lists.debian.org/debian-lts-announce/2017/11/msg00033.htmlmailing-list, x_refsource_MLIST
https://security.netapp.com/advisory/ntap-20171019-0001/x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2017:2999vendor-advisory, x_refsource_REDHAT
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T17:41:54.620Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "101396",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/101396"
          },
          {
            "name": "RHSA-2017:3047",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3047"
          },
          {
            "name": "GLSA-201711-14",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201711-14"
          },
          {
            "name": "DSA-4015",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2017/dsa-4015"
          },
          {
            "name": "RHSA-2017:3267",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3267"
          },
          {
            "name": "RHSA-2017:2998",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2998"
          },
          {
            "name": "RHSA-2017:3268",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3268"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "name": "RHSA-2017:3046",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3046"
          },
          {
            "name": "1039596",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039596"
          },
          {
            "name": "GLSA-201710-31",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201710-31"
          },
          {
            "name": "RHSA-2017:3264",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3264"
          },
          {
            "name": "DSA-4048",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2017/dsa-4048"
          },
          {
            "name": "RHSA-2017:3453",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3453"
          },
          {
            "name": "RHSA-2017:3392",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3392"
          },
          {
            "name": "[debian-lts-announce] 20171123 [SECURITY] [DLA 1187-1] openjdk-7 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20171019-0001/"
          },
          {
            "name": "RHSA-2017:2999",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2999"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2017-10345",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-04T15:43:36.658497Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-04T16:49:38.245Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 6u161"
            },
            {
              "status": "affected",
              "version": "7u151"
            },
            {
              "status": "affected",
              "version": "8u144"
            },
            {
              "status": "affected",
              "version": "9; Java SE Embedded: 8u144; JRockit: R28.3.15"
            }
          ]
        }
      ],
      "datePublic": "2017-10-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit.  Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-02-02T10:57:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "101396",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/101396"
        },
        {
          "name": "RHSA-2017:3047",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3047"
        },
        {
          "name": "GLSA-201711-14",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201711-14"
        },
        {
          "name": "DSA-4015",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2017/dsa-4015"
        },
        {
          "name": "RHSA-2017:3267",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3267"
        },
        {
          "name": "RHSA-2017:2998",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2998"
        },
        {
          "name": "RHSA-2017:3268",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3268"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "name": "RHSA-2017:3046",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3046"
        },
        {
          "name": "1039596",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039596"
        },
        {
          "name": "GLSA-201710-31",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201710-31"
        },
        {
          "name": "RHSA-2017:3264",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3264"
        },
        {
          "name": "DSA-4048",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2017/dsa-4048"
        },
        {
          "name": "RHSA-2017:3453",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3453"
        },
        {
          "name": "RHSA-2017:3392",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3392"
        },
        {
          "name": "[debian-lts-announce] 20171123 [SECURITY] [DLA 1187-1] openjdk-7 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20171019-0001/"
        },
        {
          "name": "RHSA-2017:2999",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2999"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2017-10345",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 6u161"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7u151"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8u144"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "9; Java SE Embedded: 8u144; JRockit: R28.3.15"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit.  Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "101396",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/101396"
            },
            {
              "name": "RHSA-2017:3047",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3047"
            },
            {
              "name": "GLSA-201711-14",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201711-14"
            },
            {
              "name": "DSA-4015",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2017/dsa-4015"
            },
            {
              "name": "RHSA-2017:3267",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3267"
            },
            {
              "name": "RHSA-2017:2998",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2998"
            },
            {
              "name": "RHSA-2017:3268",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3268"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
            },
            {
              "name": "RHSA-2017:3046",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3046"
            },
            {
              "name": "1039596",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039596"
            },
            {
              "name": "GLSA-201710-31",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201710-31"
            },
            {
              "name": "RHSA-2017:3264",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3264"
            },
            {
              "name": "DSA-4048",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2017/dsa-4048"
            },
            {
              "name": "RHSA-2017:3453",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3453"
            },
            {
              "name": "RHSA-2017:3392",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3392"
            },
            {
              "name": "[debian-lts-announce] 20171123 [SECURITY] [DLA 1187-1] openjdk-7 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20171019-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20171019-0001/"
            },
            {
              "name": "RHSA-2017:2999",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2999"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2017-10345",
    "datePublished": "2017-10-19T17:00:00",
    "dateReserved": "2017-06-21T00:00:00",
    "dateUpdated": "2024-10-04T16:49:38.245Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-10274
Vulnerability from cvelistv5
Published
2017-10-19 17:00
Modified
2024-10-04 16:56
Severity ?
Summary
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Smart Card IO). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data as well as unauthorized access to critical data or complete access to all Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N).
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T17:33:16.898Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2017:3047",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3047"
          },
          {
            "name": "GLSA-201711-14",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201711-14"
          },
          {
            "name": "101333",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/101333"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.synology.com/support/security/Synology_SA_17_66_OpenJDK"
          },
          {
            "name": "DSA-4015",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2017/dsa-4015"
          },
          {
            "name": "RHSA-2017:2998",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2998"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "name": "RHSA-2017:3046",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3046"
          },
          {
            "name": "1039596",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039596"
          },
          {
            "name": "GLSA-201710-31",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201710-31"
          },
          {
            "name": "DSA-4048",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2017/dsa-4048"
          },
          {
            "name": "RHSA-2017:3392",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3392"
          },
          {
            "name": "[debian-lts-announce] 20171123 [SECURITY] [DLA 1187-1] openjdk-7 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20171019-0001/"
          },
          {
            "name": "RHSA-2017:2999",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2999"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2017-10274",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-04T15:39:02.906928Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-04T16:56:12.072Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 6u161"
            },
            {
              "status": "affected",
              "version": "7u151"
            },
            {
              "status": "affected",
              "version": "8u144"
            },
            {
              "status": "affected",
              "version": "9"
            }
          ]
        }
      ],
      "datePublic": "2017-10-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Smart Card IO). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data as well as unauthorized access to critical data or complete access to all Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE.  Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Java SE accessible data as well as  unauthorized access to critical data or complete access to all Java SE accessible data.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-02-02T10:57:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "RHSA-2017:3047",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3047"
        },
        {
          "name": "GLSA-201711-14",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201711-14"
        },
        {
          "name": "101333",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/101333"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.synology.com/support/security/Synology_SA_17_66_OpenJDK"
        },
        {
          "name": "DSA-4015",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2017/dsa-4015"
        },
        {
          "name": "RHSA-2017:2998",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2998"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "name": "RHSA-2017:3046",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3046"
        },
        {
          "name": "1039596",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039596"
        },
        {
          "name": "GLSA-201710-31",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201710-31"
        },
        {
          "name": "DSA-4048",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2017/dsa-4048"
        },
        {
          "name": "RHSA-2017:3392",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3392"
        },
        {
          "name": "[debian-lts-announce] 20171123 [SECURITY] [DLA 1187-1] openjdk-7 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20171019-0001/"
        },
        {
          "name": "RHSA-2017:2999",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2999"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2017-10274",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 6u161"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7u151"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8u144"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "9"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Smart Card IO). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data as well as unauthorized access to critical data or complete access to all Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE.  Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Java SE accessible data as well as  unauthorized access to critical data or complete access to all Java SE accessible data."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2017:3047",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3047"
            },
            {
              "name": "GLSA-201711-14",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201711-14"
            },
            {
              "name": "101333",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/101333"
            },
            {
              "name": "https://www.synology.com/support/security/Synology_SA_17_66_OpenJDK",
              "refsource": "CONFIRM",
              "url": "https://www.synology.com/support/security/Synology_SA_17_66_OpenJDK"
            },
            {
              "name": "DSA-4015",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2017/dsa-4015"
            },
            {
              "name": "RHSA-2017:2998",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2998"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
            },
            {
              "name": "RHSA-2017:3046",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3046"
            },
            {
              "name": "1039596",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039596"
            },
            {
              "name": "GLSA-201710-31",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201710-31"
            },
            {
              "name": "DSA-4048",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2017/dsa-4048"
            },
            {
              "name": "RHSA-2017:3392",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3392"
            },
            {
              "name": "[debian-lts-announce] 20171123 [SECURITY] [DLA 1187-1] openjdk-7 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20171019-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20171019-0001/"
            },
            {
              "name": "RHSA-2017:2999",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2999"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2017-10274",
    "datePublished": "2017-10-19T17:00:00",
    "dateReserved": "2017-06-21T00:00:00",
    "dateUpdated": "2024-10-04T16:56:12.072Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-10102
Vulnerability from cvelistv5
Published
2017-08-08 15:00
Modified
2024-10-04 19:04
Severity ?
Summary
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H).
References
https://access.redhat.com/errata/RHSA-2017:1791vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:1790vendor-advisory, x_refsource_REDHAT
https://security.netapp.com/advisory/ntap-20170720-0001/x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2017:1789vendor-advisory, x_refsource_REDHAT
https://cert.vde.com/en-us/advisories/vde-2017-002x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2017:2424vendor-advisory, x_refsource_REDHAT
http://www.securityfocus.com/bid/99712vdb-entry, x_refsource_BID
http://www.securitytracker.com/id/1038931vdb-entry, x_refsource_SECTRACK
https://access.redhat.com/errata/RHSA-2017:1792vendor-advisory, x_refsource_REDHAT
https://security.gentoo.org/glsa/201709-22vendor-advisory, x_refsource_GENTOO
http://www.debian.org/security/2017/dsa-3919vendor-advisory, x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2017:2481vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:2530vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:3453vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:2469vendor-advisory, x_refsource_REDHAT
http://www.debian.org/security/2017/dsa-3954vendor-advisory, x_refsource_DEBIAN
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlx_refsource_CONFIRM
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T17:33:15.096Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2017:1791",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1791"
          },
          {
            "name": "RHSA-2017:1790",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1790"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
          },
          {
            "name": "RHSA-2017:1789",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1789"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert.vde.com/en-us/advisories/vde-2017-002"
          },
          {
            "name": "RHSA-2017:2424",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2424"
          },
          {
            "name": "99712",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/99712"
          },
          {
            "name": "1038931",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038931"
          },
          {
            "name": "RHSA-2017:1792",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1792"
          },
          {
            "name": "GLSA-201709-22",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201709-22"
          },
          {
            "name": "DSA-3919",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3919"
          },
          {
            "name": "RHSA-2017:2481",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2481"
          },
          {
            "name": "RHSA-2017:2530",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2530"
          },
          {
            "name": "RHSA-2017:3453",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3453"
          },
          {
            "name": "RHSA-2017:2469",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2469"
          },
          {
            "name": "DSA-3954",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3954"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2017-10102",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-04T15:39:36.652061Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-04T19:04:06.819Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 6u151"
            },
            {
              "status": "affected",
              "version": "7u141"
            },
            {
              "status": "affected",
              "version": "8u131; Java SE Embedded: 8u131"
            }
          ]
        }
      ],
      "datePublic": "2017-07-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.  While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products.  Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-05-16T13:57:02",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "RHSA-2017:1791",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1791"
        },
        {
          "name": "RHSA-2017:1790",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1790"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
        },
        {
          "name": "RHSA-2017:1789",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1789"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert.vde.com/en-us/advisories/vde-2017-002"
        },
        {
          "name": "RHSA-2017:2424",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2424"
        },
        {
          "name": "99712",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/99712"
        },
        {
          "name": "1038931",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038931"
        },
        {
          "name": "RHSA-2017:1792",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1792"
        },
        {
          "name": "GLSA-201709-22",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201709-22"
        },
        {
          "name": "DSA-3919",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3919"
        },
        {
          "name": "RHSA-2017:2481",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2481"
        },
        {
          "name": "RHSA-2017:2530",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2530"
        },
        {
          "name": "RHSA-2017:3453",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3453"
        },
        {
          "name": "RHSA-2017:2469",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2469"
        },
        {
          "name": "DSA-3954",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3954"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2017-10102",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 6u151"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7u141"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8u131; Java SE Embedded: 8u131"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.  While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products.  Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2017:1791",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1791"
            },
            {
              "name": "RHSA-2017:1790",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1790"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20170720-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
            },
            {
              "name": "RHSA-2017:1789",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1789"
            },
            {
              "name": "https://cert.vde.com/en-us/advisories/vde-2017-002",
              "refsource": "CONFIRM",
              "url": "https://cert.vde.com/en-us/advisories/vde-2017-002"
            },
            {
              "name": "RHSA-2017:2424",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2424"
            },
            {
              "name": "99712",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/99712"
            },
            {
              "name": "1038931",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038931"
            },
            {
              "name": "RHSA-2017:1792",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1792"
            },
            {
              "name": "GLSA-201709-22",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201709-22"
            },
            {
              "name": "DSA-3919",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3919"
            },
            {
              "name": "RHSA-2017:2481",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2481"
            },
            {
              "name": "RHSA-2017:2530",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2530"
            },
            {
              "name": "RHSA-2017:3453",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3453"
            },
            {
              "name": "RHSA-2017:2469",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2469"
            },
            {
              "name": "DSA-3954",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3954"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2017-10102",
    "datePublished": "2017-08-08T15:00:00",
    "dateReserved": "2017-06-21T00:00:00",
    "dateUpdated": "2024-10-04T19:04:06.819Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-10135
Vulnerability from cvelistv5
Published
2017-08-08 15:00
Modified
2024-10-04 19:00
Severity ?
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).
References
https://access.redhat.com/errata/RHSA-2017:1791vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:1790vendor-advisory, x_refsource_REDHAT
https://security.netapp.com/advisory/ntap-20170720-0001/x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2017:1789vendor-advisory, x_refsource_REDHAT
https://cert.vde.com/en-us/advisories/vde-2017-002x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2017:2424vendor-advisory, x_refsource_REDHAT
http://www.securitytracker.com/id/1038931vdb-entry, x_refsource_SECTRACK
http://www.securityfocus.com/bid/99839vdb-entry, x_refsource_BID
https://access.redhat.com/errata/RHSA-2017:1792vendor-advisory, x_refsource_REDHAT
https://security.gentoo.org/glsa/201709-22vendor-advisory, x_refsource_GENTOO
http://www.debian.org/security/2017/dsa-3919vendor-advisory, x_refsource_DEBIAN
http://www.debian.org/security/2017/dsa-3954vendor-advisory, x_refsource_DEBIAN
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlx_refsource_CONFIRM
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T17:33:16.276Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2017:1791",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1791"
          },
          {
            "name": "RHSA-2017:1790",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1790"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
          },
          {
            "name": "RHSA-2017:1789",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1789"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert.vde.com/en-us/advisories/vde-2017-002"
          },
          {
            "name": "RHSA-2017:2424",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2424"
          },
          {
            "name": "1038931",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038931"
          },
          {
            "name": "99839",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/99839"
          },
          {
            "name": "RHSA-2017:1792",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1792"
          },
          {
            "name": "GLSA-201709-22",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201709-22"
          },
          {
            "name": "DSA-3919",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3919"
          },
          {
            "name": "DSA-3954",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3954"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2017-10135",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-04T15:51:46.063191Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-04T19:00:17.520Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 6u151"
            },
            {
              "status": "affected",
              "version": "7u141"
            },
            {
              "status": "affected",
              "version": "8u131; Java SE Embedded: 8u131; JRockit: R28.3.14"
            }
          ]
        }
      ],
      "datePublic": "2017-07-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit.  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-05-16T13:57:02",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "RHSA-2017:1791",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1791"
        },
        {
          "name": "RHSA-2017:1790",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1790"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
        },
        {
          "name": "RHSA-2017:1789",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1789"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert.vde.com/en-us/advisories/vde-2017-002"
        },
        {
          "name": "RHSA-2017:2424",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2424"
        },
        {
          "name": "1038931",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038931"
        },
        {
          "name": "99839",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/99839"
        },
        {
          "name": "RHSA-2017:1792",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1792"
        },
        {
          "name": "GLSA-201709-22",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201709-22"
        },
        {
          "name": "DSA-3919",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3919"
        },
        {
          "name": "DSA-3954",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3954"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2017-10135",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 6u151"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7u141"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8u131; Java SE Embedded: 8u131; JRockit: R28.3.14"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit.  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2017:1791",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1791"
            },
            {
              "name": "RHSA-2017:1790",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1790"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20170720-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
            },
            {
              "name": "RHSA-2017:1789",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1789"
            },
            {
              "name": "https://cert.vde.com/en-us/advisories/vde-2017-002",
              "refsource": "CONFIRM",
              "url": "https://cert.vde.com/en-us/advisories/vde-2017-002"
            },
            {
              "name": "RHSA-2017:2424",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2424"
            },
            {
              "name": "1038931",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038931"
            },
            {
              "name": "99839",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/99839"
            },
            {
              "name": "RHSA-2017:1792",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1792"
            },
            {
              "name": "GLSA-201709-22",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201709-22"
            },
            {
              "name": "DSA-3919",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3919"
            },
            {
              "name": "DSA-3954",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3954"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2017-10135",
    "datePublished": "2017-08-08T15:00:00",
    "dateReserved": "2017-06-21T00:00:00",
    "dateUpdated": "2024-10-04T19:00:17.520Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-10107
Vulnerability from cvelistv5
Published
2017-08-08 15:00
Modified
2024-10-04 19:03
Severity ?
Summary
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).
References
https://access.redhat.com/errata/RHSA-2017:1791vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:1790vendor-advisory, x_refsource_REDHAT
https://security.netapp.com/advisory/ntap-20170720-0001/x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2017:1789vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:2424vendor-advisory, x_refsource_REDHAT
http://www.securitytracker.com/id/1038931vdb-entry, x_refsource_SECTRACK
https://access.redhat.com/errata/RHSA-2017:1792vendor-advisory, x_refsource_REDHAT
https://security.gentoo.org/glsa/201709-22vendor-advisory, x_refsource_GENTOO
http://www.debian.org/security/2017/dsa-3919vendor-advisory, x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2017:2481vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:2530vendor-advisory, x_refsource_REDHAT
http://www.securityfocus.com/bid/99719vdb-entry, x_refsource_BID
https://access.redhat.com/errata/RHSA-2017:3453vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:2469vendor-advisory, x_refsource_REDHAT
http://www.debian.org/security/2017/dsa-3954vendor-advisory, x_refsource_DEBIAN
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlx_refsource_CONFIRM
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T17:33:16.294Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2017:1791",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1791"
          },
          {
            "name": "RHSA-2017:1790",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1790"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
          },
          {
            "name": "RHSA-2017:1789",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1789"
          },
          {
            "name": "RHSA-2017:2424",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2424"
          },
          {
            "name": "1038931",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038931"
          },
          {
            "name": "RHSA-2017:1792",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1792"
          },
          {
            "name": "GLSA-201709-22",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201709-22"
          },
          {
            "name": "DSA-3919",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3919"
          },
          {
            "name": "RHSA-2017:2481",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2481"
          },
          {
            "name": "RHSA-2017:2530",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2530"
          },
          {
            "name": "99719",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/99719"
          },
          {
            "name": "RHSA-2017:3453",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3453"
          },
          {
            "name": "RHSA-2017:2469",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2469"
          },
          {
            "name": "DSA-3954",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3954"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2017-10107",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-04T15:39:35.619154Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-04T19:03:31.799Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 6u151"
            },
            {
              "status": "affected",
              "version": "7u141"
            },
            {
              "status": "affected",
              "version": "8u131; Java SE Embedded: 8u131"
            }
          ]
        }
      ],
      "datePublic": "2017-07-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "RHSA-2017:1791",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1791"
        },
        {
          "name": "RHSA-2017:1790",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1790"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
        },
        {
          "name": "RHSA-2017:1789",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1789"
        },
        {
          "name": "RHSA-2017:2424",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2424"
        },
        {
          "name": "1038931",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038931"
        },
        {
          "name": "RHSA-2017:1792",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1792"
        },
        {
          "name": "GLSA-201709-22",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201709-22"
        },
        {
          "name": "DSA-3919",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3919"
        },
        {
          "name": "RHSA-2017:2481",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2481"
        },
        {
          "name": "RHSA-2017:2530",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2530"
        },
        {
          "name": "99719",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/99719"
        },
        {
          "name": "RHSA-2017:3453",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3453"
        },
        {
          "name": "RHSA-2017:2469",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2469"
        },
        {
          "name": "DSA-3954",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3954"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2017-10107",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 6u151"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7u141"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8u131; Java SE Embedded: 8u131"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2017:1791",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1791"
            },
            {
              "name": "RHSA-2017:1790",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1790"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20170720-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
            },
            {
              "name": "RHSA-2017:1789",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1789"
            },
            {
              "name": "RHSA-2017:2424",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2424"
            },
            {
              "name": "1038931",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038931"
            },
            {
              "name": "RHSA-2017:1792",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1792"
            },
            {
              "name": "GLSA-201709-22",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201709-22"
            },
            {
              "name": "DSA-3919",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3919"
            },
            {
              "name": "RHSA-2017:2481",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2481"
            },
            {
              "name": "RHSA-2017:2530",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2530"
            },
            {
              "name": "99719",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/99719"
            },
            {
              "name": "RHSA-2017:3453",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3453"
            },
            {
              "name": "RHSA-2017:2469",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2469"
            },
            {
              "name": "DSA-3954",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3954"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2017-10107",
    "datePublished": "2017-08-08T15:00:00",
    "dateReserved": "2017-06-21T00:00:00",
    "dateUpdated": "2024-10-04T19:03:31.799Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-9077
Vulnerability from cvelistv5
Published
2019-02-24 00:00
Modified
2024-08-04 21:38
Severity ?
Summary
An issue was discovered in GNU Binutils 2.32. It is a heap-based buffer overflow in process_mips_specific in readelf.c via a malformed MIPS option section.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T21:38:46.345Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=24243"
          },
          {
            "name": "107139",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/107139"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190314-0003/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.f5.com/csp/article/K00056379"
          },
          {
            "name": "USN-4336-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4336-1/"
          },
          {
            "name": "openSUSE-SU-2020:1790",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00078.html"
          },
          {
            "name": "openSUSE-SU-2020:1804",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00004.html"
          },
          {
            "name": "GLSA-202107-24",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202107-24"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2019-02-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in GNU Binutils 2.32. It is a heap-based buffer overflow in process_mips_specific in readelf.c via a malformed MIPS option section."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-10T04:06:51",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=24243"
        },
        {
          "name": "107139",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/107139"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20190314-0003/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.f5.com/csp/article/K00056379"
        },
        {
          "name": "USN-4336-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4336-1/"
        },
        {
          "name": "openSUSE-SU-2020:1790",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00078.html"
        },
        {
          "name": "openSUSE-SU-2020:1804",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00004.html"
        },
        {
          "name": "GLSA-202107-24",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202107-24"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-9077",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in GNU Binutils 2.32. It is a heap-based buffer overflow in process_mips_specific in readelf.c via a malformed MIPS option section."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=24243",
              "refsource": "MISC",
              "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=24243"
            },
            {
              "name": "107139",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/107139"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20190314-0003/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20190314-0003/"
            },
            {
              "name": "https://support.f5.com/csp/article/K00056379",
              "refsource": "CONFIRM",
              "url": "https://support.f5.com/csp/article/K00056379"
            },
            {
              "name": "USN-4336-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4336-1/"
            },
            {
              "name": "openSUSE-SU-2020:1790",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00078.html"
            },
            {
              "name": "openSUSE-SU-2020:1804",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00004.html"
            },
            {
              "name": "GLSA-202107-24",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202107-24"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-9077",
    "datePublished": "2019-02-24T00:00:00",
    "dateReserved": "2019-02-23T00:00:00",
    "dateUpdated": "2024-08-04T21:38:46.345Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-16866
Vulnerability from cvelistv5
Published
2019-01-11 19:00
Modified
2024-08-05 10:32
Summary
An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T10:32:54.043Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-4367",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2019/dsa-4367"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190117-0001/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.qualys.com/2019/01/09/system-down/system-down.txt"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16866"
          },
          {
            "name": "USN-3855-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3855-1/"
          },
          {
            "name": "106527",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/106527"
          },
          {
            "name": "GLSA-201903-07",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201903-07"
          },
          {
            "name": "[oss-security] 20190510 Re: System Down: A systemd-journald exploit",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/05/10/4"
          },
          {
            "name": "20190513 Re: System Down: A systemd-journald exploit",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/May/25"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/152841/System-Down-A-systemd-journald-Exploit.html"
          },
          {
            "name": "20190513 Re: System Down: A systemd-journald exploit",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2019/May/21"
          },
          {
            "name": "RHSA-2019:2091",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2091"
          },
          {
            "name": "RHSA-2019:3222",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3222"
          },
          {
            "name": "RHSA-2020:0593",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0593"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "systemd",
          "vendor": "The systemd Project",
          "versions": [
            {
              "status": "affected",
              "version": "from v221 to v239"
            }
          ]
        }
      ],
      "datePublic": "2019-01-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon \u0027:\u0027. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-02-25T14:06:20",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "DSA-4367",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2019/dsa-4367"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20190117-0001/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.qualys.com/2019/01/09/system-down/system-down.txt"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16866"
        },
        {
          "name": "USN-3855-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3855-1/"
        },
        {
          "name": "106527",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/106527"
        },
        {
          "name": "GLSA-201903-07",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201903-07"
        },
        {
          "name": "[oss-security] 20190510 Re: System Down: A systemd-journald exploit",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/05/10/4"
        },
        {
          "name": "20190513 Re: System Down: A systemd-journald exploit",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/May/25"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/152841/System-Down-A-systemd-journald-Exploit.html"
        },
        {
          "name": "20190513 Re: System Down: A systemd-journald exploit",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2019/May/21"
        },
        {
          "name": "RHSA-2019:2091",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2091"
        },
        {
          "name": "RHSA-2019:3222",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3222"
        },
        {
          "name": "RHSA-2020:0593",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0593"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2018-16866",
    "datePublished": "2019-01-11T19:00:00",
    "dateReserved": "2018-09-11T00:00:00",
    "dateUpdated": "2024-08-05T10:32:54.043Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-10114
Vulnerability from cvelistv5
Published
2017-08-08 15:00
Modified
2024-10-04 19:02
Severity ?
Summary
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE: 7u141 and 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
References
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T17:33:16.331Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2017:1791",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1791"
          },
          {
            "name": "RHSA-2017:1790",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1790"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
          },
          {
            "name": "DSA-4005",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-4005"
          },
          {
            "name": "1038931",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038931"
          },
          {
            "name": "GLSA-201709-22",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201709-22"
          },
          {
            "name": "99726",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/99726"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2017-10114",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-04T15:39:27.091952Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-04T19:02:38.542Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 7u141"
            },
            {
              "status": "affected",
              "version": "8u131"
            }
          ]
        }
      ],
      "datePublic": "2017-07-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE: 7u141 and 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "RHSA-2017:1791",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1791"
        },
        {
          "name": "RHSA-2017:1790",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1790"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
        },
        {
          "name": "DSA-4005",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-4005"
        },
        {
          "name": "1038931",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038931"
        },
        {
          "name": "GLSA-201709-22",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201709-22"
        },
        {
          "name": "99726",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/99726"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2017-10114",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 7u141"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8u131"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE: 7u141 and 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2017:1791",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1791"
            },
            {
              "name": "RHSA-2017:1790",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1790"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20170720-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
            },
            {
              "name": "DSA-4005",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-4005"
            },
            {
              "name": "1038931",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038931"
            },
            {
              "name": "GLSA-201709-22",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201709-22"
            },
            {
              "name": "99726",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/99726"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2017-10114",
    "datePublished": "2017-08-08T15:00:00",
    "dateReserved": "2017-06-21T00:00:00",
    "dateUpdated": "2024-10-04T19:02:38.542Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-12653
Vulnerability from cvelistv5
Published
2020-05-05 04:47
Modified
2024-08-04 12:04
Severity ?
Summary
An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv() function in drivers/net/wireless/marvell/mwifiex/scan.c allows local users to gain privileges or cause a denial of service because of an incorrect memcpy and buffer overflow, aka CID-b70261a288ea.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:04:22.557Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.4"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/b70261a288ea4d2f4ac7cd04be08a9f0f2de4f4d"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b70261a288ea4d2f4ac7cd04be08a9f0f2de4f4d"
          },
          {
            "name": "[oss-security] 20200508 Linux kernel: two buffer overflow in the marvell wifi driver",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2020/05/08/2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
          },
          {
            "name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
          },
          {
            "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html"
          },
          {
            "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
          },
          {
            "name": "DSA-4698",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4698"
          },
          {
            "name": "openSUSE-SU-2020:0801",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv() function in drivers/net/wireless/marvell/mwifiex/scan.c allows local users to gain privileges or cause a denial of service because of an incorrect memcpy and buffer overflow, aka CID-b70261a288ea."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-06-13T08:12:48",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.4"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/torvalds/linux/commit/b70261a288ea4d2f4ac7cd04be08a9f0f2de4f4d"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b70261a288ea4d2f4ac7cd04be08a9f0f2de4f4d"
        },
        {
          "name": "[oss-security] 20200508 Linux kernel: two buffer overflow in the marvell wifi driver",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2020/05/08/2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
        },
        {
          "name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
        },
        {
          "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html"
        },
        {
          "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
        },
        {
          "name": "DSA-4698",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4698"
        },
        {
          "name": "openSUSE-SU-2020:0801",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-12653",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv() function in drivers/net/wireless/marvell/mwifiex/scan.c allows local users to gain privileges or cause a denial of service because of an incorrect memcpy and buffer overflow, aka CID-b70261a288ea."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.4",
              "refsource": "MISC",
              "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.4"
            },
            {
              "name": "https://github.com/torvalds/linux/commit/b70261a288ea4d2f4ac7cd04be08a9f0f2de4f4d",
              "refsource": "MISC",
              "url": "https://github.com/torvalds/linux/commit/b70261a288ea4d2f4ac7cd04be08a9f0f2de4f4d"
            },
            {
              "name": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b70261a288ea4d2f4ac7cd04be08a9f0f2de4f4d",
              "refsource": "MISC",
              "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b70261a288ea4d2f4ac7cd04be08a9f0f2de4f4d"
            },
            {
              "name": "[oss-security] 20200508 Linux kernel: two buffer overflow in the marvell wifi driver",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2020/05/08/2"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200608-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
            },
            {
              "name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
            },
            {
              "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html"
            },
            {
              "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
            },
            {
              "name": "DSA-4698",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4698"
            },
            {
              "name": "openSUSE-SU-2020:0801",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-12653",
    "datePublished": "2020-05-05T04:47:35",
    "dateReserved": "2020-05-05T00:00:00",
    "dateUpdated": "2024-08-04T12:04:22.557Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-10067
Vulnerability from cvelistv5
Published
2017-08-08 15:00
Modified
2024-10-04 19:07
Severity ?
Summary
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).
References
https://access.redhat.com/errata/RHSA-2017:1791vendor-advisory, x_refsource_REDHAT
http://www.securityfocus.com/bid/99756vdb-entry, x_refsource_BID
https://access.redhat.com/errata/RHSA-2017:1790vendor-advisory, x_refsource_REDHAT
https://security.netapp.com/advisory/ntap-20170720-0001/x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2017:1789vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:2424vendor-advisory, x_refsource_REDHAT
http://www.securitytracker.com/id/1038931vdb-entry, x_refsource_SECTRACK
https://access.redhat.com/errata/RHSA-2017:1792vendor-advisory, x_refsource_REDHAT
https://security.gentoo.org/glsa/201709-22vendor-advisory, x_refsource_GENTOO
http://www.debian.org/security/2017/dsa-3919vendor-advisory, x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2017:2481vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:2530vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:3453vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:2469vendor-advisory, x_refsource_REDHAT
http://www.debian.org/security/2017/dsa-3954vendor-advisory, x_refsource_DEBIAN
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlx_refsource_CONFIRM
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T17:25:00.592Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2017:1791",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1791"
          },
          {
            "name": "99756",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/99756"
          },
          {
            "name": "RHSA-2017:1790",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1790"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
          },
          {
            "name": "RHSA-2017:1789",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1789"
          },
          {
            "name": "RHSA-2017:2424",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2424"
          },
          {
            "name": "1038931",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038931"
          },
          {
            "name": "RHSA-2017:1792",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1792"
          },
          {
            "name": "GLSA-201709-22",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201709-22"
          },
          {
            "name": "DSA-3919",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3919"
          },
          {
            "name": "RHSA-2017:2481",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2481"
          },
          {
            "name": "RHSA-2017:2530",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2530"
          },
          {
            "name": "RHSA-2017:3453",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3453"
          },
          {
            "name": "RHSA-2017:2469",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2469"
          },
          {
            "name": "DSA-3954",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3954"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2017-10067",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-04T15:39:56.881415Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-04T19:07:59.164Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 6u151"
            },
            {
              "status": "affected",
              "version": "7u141"
            },
            {
              "status": "affected",
              "version": "8u131"
            }
          ]
        }
      ],
      "datePublic": "2017-07-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE.  Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "RHSA-2017:1791",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1791"
        },
        {
          "name": "99756",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/99756"
        },
        {
          "name": "RHSA-2017:1790",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1790"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
        },
        {
          "name": "RHSA-2017:1789",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1789"
        },
        {
          "name": "RHSA-2017:2424",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2424"
        },
        {
          "name": "1038931",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038931"
        },
        {
          "name": "RHSA-2017:1792",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1792"
        },
        {
          "name": "GLSA-201709-22",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201709-22"
        },
        {
          "name": "DSA-3919",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3919"
        },
        {
          "name": "RHSA-2017:2481",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2481"
        },
        {
          "name": "RHSA-2017:2530",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2530"
        },
        {
          "name": "RHSA-2017:3453",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3453"
        },
        {
          "name": "RHSA-2017:2469",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2469"
        },
        {
          "name": "DSA-3954",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3954"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2017-10067",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 6u151"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7u141"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8u131"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE.  Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2017:1791",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1791"
            },
            {
              "name": "99756",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/99756"
            },
            {
              "name": "RHSA-2017:1790",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1790"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20170720-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
            },
            {
              "name": "RHSA-2017:1789",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1789"
            },
            {
              "name": "RHSA-2017:2424",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2424"
            },
            {
              "name": "1038931",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038931"
            },
            {
              "name": "RHSA-2017:1792",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1792"
            },
            {
              "name": "GLSA-201709-22",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201709-22"
            },
            {
              "name": "DSA-3919",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3919"
            },
            {
              "name": "RHSA-2017:2481",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2481"
            },
            {
              "name": "RHSA-2017:2530",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2530"
            },
            {
              "name": "RHSA-2017:3453",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3453"
            },
            {
              "name": "RHSA-2017:2469",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2469"
            },
            {
              "name": "DSA-3954",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3954"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2017-10067",
    "datePublished": "2017-08-08T15:00:00",
    "dateReserved": "2017-06-21T00:00:00",
    "dateUpdated": "2024-10-04T19:07:59.164Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-38202
Vulnerability from cvelistv5
Published
2021-08-08 19:25
Modified
2024-08-04 01:37
Severity ?
Summary
fs/nfsd/trace.h in the Linux kernel before 5.13.4 might allow remote attackers to cause a denial of service (out-of-bounds read in strlen) by sending NFS traffic when the trace event framework is being used for nfsd.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T01:37:16.361Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/7b08cf62b1239a4322427d677ea9363f0ab677c6"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210902-0010/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "fs/nfsd/trace.h in the Linux kernel before 5.13.4 might allow remote attackers to cause a denial of service (out-of-bounds read in strlen) by sending NFS traffic when the trace event framework is being used for nfsd."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-09-02T08:06:49",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/torvalds/linux/commit/7b08cf62b1239a4322427d677ea9363f0ab677c6"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20210902-0010/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-38202",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "fs/nfsd/trace.h in the Linux kernel before 5.13.4 might allow remote attackers to cause a denial of service (out-of-bounds read in strlen) by sending NFS traffic when the trace event framework is being used for nfsd."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4",
              "refsource": "MISC",
              "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4"
            },
            {
              "name": "https://github.com/torvalds/linux/commit/7b08cf62b1239a4322427d677ea9363f0ab677c6",
              "refsource": "MISC",
              "url": "https://github.com/torvalds/linux/commit/7b08cf62b1239a4322427d677ea9363f0ab677c6"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20210902-0010/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20210902-0010/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-38202",
    "datePublished": "2021-08-08T19:25:59",
    "dateReserved": "2021-08-08T00:00:00",
    "dateUpdated": "2024-08-04T01:37:16.361Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-10198
Vulnerability from cvelistv5
Published
2017-08-08 15:00
Modified
2024-10-04 17:10
Severity ?
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N).
References
https://access.redhat.com/errata/RHSA-2017:1791vendor-advisory, x_refsource_REDHAT
http://www.securityfocus.com/bid/99818vdb-entry, x_refsource_BID
https://access.redhat.com/errata/RHSA-2017:1790vendor-advisory, x_refsource_REDHAT
https://security.netapp.com/advisory/ntap-20170720-0001/x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2017:1789vendor-advisory, x_refsource_REDHAT
https://cert.vde.com/en-us/advisories/vde-2017-002x_refsource_CONFIRM
http://www.securitytracker.com/id/1038931vdb-entry, x_refsource_SECTRACK
https://access.redhat.com/errata/RHSA-2017:1792vendor-advisory, x_refsource_REDHAT
https://security.gentoo.org/glsa/201709-22vendor-advisory, x_refsource_GENTOO
http://www.debian.org/security/2017/dsa-3919vendor-advisory, x_refsource_DEBIAN
http://www.debian.org/security/2017/dsa-3954vendor-advisory, x_refsource_DEBIAN
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlx_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2017:3392vendor-advisory, x_refsource_REDHAT
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T17:33:16.932Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2017:1791",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1791"
          },
          {
            "name": "99818",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/99818"
          },
          {
            "name": "RHSA-2017:1790",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1790"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
          },
          {
            "name": "RHSA-2017:1789",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1789"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert.vde.com/en-us/advisories/vde-2017-002"
          },
          {
            "name": "1038931",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038931"
          },
          {
            "name": "RHSA-2017:1792",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1792"
          },
          {
            "name": "GLSA-201709-22",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201709-22"
          },
          {
            "name": "DSA-3919",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3919"
          },
          {
            "name": "DSA-3954",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3954"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
          },
          {
            "name": "RHSA-2017:3392",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3392"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2017-10198",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-04T15:50:37.360795Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-04T17:10:12.889Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 6u151"
            },
            {
              "status": "affected",
              "version": "7u141"
            },
            {
              "status": "affected",
              "version": "8u131; Java SE Embedded: 8u131; JRockit: R28.3.14"
            }
          ]
        }
      ],
      "datePublic": "2017-07-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit.  While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products.  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-05-16T13:57:02",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "RHSA-2017:1791",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1791"
        },
        {
          "name": "99818",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/99818"
        },
        {
          "name": "RHSA-2017:1790",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1790"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
        },
        {
          "name": "RHSA-2017:1789",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1789"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert.vde.com/en-us/advisories/vde-2017-002"
        },
        {
          "name": "1038931",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038931"
        },
        {
          "name": "RHSA-2017:1792",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1792"
        },
        {
          "name": "GLSA-201709-22",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201709-22"
        },
        {
          "name": "DSA-3919",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3919"
        },
        {
          "name": "DSA-3954",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3954"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
        },
        {
          "name": "RHSA-2017:3392",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3392"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2017-10198",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 6u151"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7u141"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8u131; Java SE Embedded: 8u131; JRockit: R28.3.14"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit.  While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products.  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2017:1791",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1791"
            },
            {
              "name": "99818",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/99818"
            },
            {
              "name": "RHSA-2017:1790",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1790"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20170720-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
            },
            {
              "name": "RHSA-2017:1789",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1789"
            },
            {
              "name": "https://cert.vde.com/en-us/advisories/vde-2017-002",
              "refsource": "CONFIRM",
              "url": "https://cert.vde.com/en-us/advisories/vde-2017-002"
            },
            {
              "name": "1038931",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038931"
            },
            {
              "name": "RHSA-2017:1792",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1792"
            },
            {
              "name": "GLSA-201709-22",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201709-22"
            },
            {
              "name": "DSA-3919",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3919"
            },
            {
              "name": "DSA-3954",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3954"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
            },
            {
              "name": "RHSA-2017:3392",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3392"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2017-10198",
    "datePublished": "2017-08-08T15:00:00",
    "dateReserved": "2017-06-21T00:00:00",
    "dateUpdated": "2024-10-04T17:10:12.889Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-21496
Vulnerability from cvelistv5
Published
2022-04-19 20:38
Modified
2024-09-24 20:05
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T02:46:38.681Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220429-0006/"
          },
          {
            "name": "DSA-5128",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5128"
          },
          {
            "name": "DSA-5131",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5131"
          },
          {
            "name": "[debian-lts-announce] 20220514 [SECURITY] [DLA 3006-1] openjdk-8 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-21496",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-24T13:53:50.783083Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-24T20:05:36.664Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java SE JDK and JRE",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Oracle Java SE:7u331"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:8u321"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:11.0.14"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:17.0.2"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:18"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:20.3.5"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:21.3.1"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:22.0.0.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-21T19:06:40.368882",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20220429-0006/"
        },
        {
          "name": "DSA-5128",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5128"
        },
        {
          "name": "DSA-5131",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5131"
        },
        {
          "name": "[debian-lts-announce] 20220514 [SECURITY] [DLA 3006-1] openjdk-8 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2022-21496",
    "datePublished": "2022-04-19T20:38:50",
    "dateReserved": "2021-11-15T00:00:00",
    "dateUpdated": "2024-09-24T20:05:36.664Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-16597
Vulnerability from cvelistv5
Published
2018-09-21 16:00
Modified
2024-08-05 10:24
Severity ?
Summary
An issue was discovered in the Linux kernel before 4.8. Incorrect access checking in overlayfs mounts could be used by local attackers to modify or truncate files in the underlying filesystem.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T10:24:32.947Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "105394",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/105394"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190204-0001/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.suse.com/show_bug.cgi?id=1106512"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c0ca3d70e8d3cf81e2255a217f7ca402f5ed0862"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.f5.com/csp/article/K22691834"
          },
          {
            "name": "openSUSE-SU-2018:3202",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00033.html"
          },
          {
            "name": "20190722 [slackware-security] Slackware 14.2 kernel (SSA:2019-202-01)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Jul/33"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-08-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in the Linux kernel before 4.8. Incorrect access checking in overlayfs mounts could be used by local attackers to modify or truncate files in the underlying filesystem."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-07-25T18:06:10",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "105394",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/105394"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20190204-0001/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.suse.com/show_bug.cgi?id=1106512"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c0ca3d70e8d3cf81e2255a217f7ca402f5ed0862"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.f5.com/csp/article/K22691834"
        },
        {
          "name": "openSUSE-SU-2018:3202",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00033.html"
        },
        {
          "name": "20190722 [slackware-security] Slackware 14.2 kernel (SSA:2019-202-01)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Jul/33"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-16597",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in the Linux kernel before 4.8. Incorrect access checking in overlayfs mounts could be used by local attackers to modify or truncate files in the underlying filesystem."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "105394",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/105394"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20190204-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20190204-0001/"
            },
            {
              "name": "https://bugzilla.suse.com/show_bug.cgi?id=1106512",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=1106512"
            },
            {
              "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c0ca3d70e8d3cf81e2255a217f7ca402f5ed0862",
              "refsource": "CONFIRM",
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c0ca3d70e8d3cf81e2255a217f7ca402f5ed0862"
            },
            {
              "name": "https://support.f5.com/csp/article/K22691834",
              "refsource": "CONFIRM",
              "url": "https://support.f5.com/csp/article/K22691834"
            },
            {
              "name": "openSUSE-SU-2018:3202",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00033.html"
            },
            {
              "name": "20190722 [slackware-security] Slackware 14.2 kernel (SSA:2019-202-01)",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Jul/33"
            },
            {
              "name": "http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-16597",
    "datePublished": "2018-09-21T16:00:00",
    "dateReserved": "2018-09-06T00:00:00",
    "dateUpdated": "2024-08-05T10:24:32.947Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-3462
Vulnerability from cvelistv5
Published
2019-01-28 21:00
Modified
2024-09-16 16:32
Severity ?
Summary
Incorrect sanitation of the 302 redirect field in HTTP transport method of apt versions 1.4.8 and earlier can lead to content injection by a MITM attacker, potentially leading to remote code execution on the target machine.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:12:09.590Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "106690",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/106690"
          },
          {
            "name": "USN-3863-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3863-1/"
          },
          {
            "name": "USN-3863-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3863-2/"
          },
          {
            "name": "[debian-lts-announce] 20190122 [SECURITY] [DLA 1637-1] apt security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00013.html"
          },
          {
            "name": "DSA-4371",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2019/dsa-4371"
          },
          {
            "name": "[debian-lts-announce] 20190122 [SECURITY] [DLA 1637-1] apt security update (amended)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00014.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190125-0002/"
          },
          {
            "name": "[infra-devnull] 20190404 [GitHub] [incubator-openwhisk-runtime-ballerina] falkzoll commented on issue #15: Update to new base image jdk8u202-b08_openj9-0.12.1.",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f%40%3Cdevnull.infra.apache.org%3E"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "apt as used in Debian Stretch and Ubuntu",
          "vendor": "Debian GNU/Linux",
          "versions": [
            {
              "status": "affected",
              "version": "1.4.8 and earlier"
            }
          ]
        }
      ],
      "datePublic": "2019-01-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Incorrect sanitation of the 302 redirect field in HTTP transport method of apt versions 1.4.8 and earlier can lead to content injection by a MITM attacker, potentially leading to remote code execution on the target machine."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Remote code execution in apt",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-04-04T16:06:05",
        "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "shortName": "debian"
      },
      "references": [
        {
          "name": "106690",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/106690"
        },
        {
          "name": "USN-3863-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3863-1/"
        },
        {
          "name": "USN-3863-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3863-2/"
        },
        {
          "name": "[debian-lts-announce] 20190122 [SECURITY] [DLA 1637-1] apt security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00013.html"
        },
        {
          "name": "DSA-4371",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2019/dsa-4371"
        },
        {
          "name": "[debian-lts-announce] 20190122 [SECURITY] [DLA 1637-1] apt security update (amended)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00014.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20190125-0002/"
        },
        {
          "name": "[infra-devnull] 20190404 [GitHub] [incubator-openwhisk-runtime-ballerina] falkzoll commented on issue #15: Update to new base image jdk8u202-b08_openj9-0.12.1.",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f%40%3Cdevnull.infra.apache.org%3E"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@debian.org",
          "DATE_PUBLIC": "2019-01-22T00:00:00",
          "ID": "CVE-2019-3462",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "apt as used in Debian Stretch and Ubuntu",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "1.4.8 and earlier"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Debian GNU/Linux"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Incorrect sanitation of the 302 redirect field in HTTP transport method of apt versions 1.4.8 and earlier can lead to content injection by a MITM attacker, potentially leading to remote code execution on the target machine."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Remote code execution in apt"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "106690",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/106690"
            },
            {
              "name": "USN-3863-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3863-1/"
            },
            {
              "name": "USN-3863-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3863-2/"
            },
            {
              "name": "[debian-lts-announce] 20190122 [SECURITY] [DLA 1637-1] apt security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00013.html"
            },
            {
              "name": "DSA-4371",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2019/dsa-4371"
            },
            {
              "name": "[debian-lts-announce] 20190122 [SECURITY] [DLA 1637-1] apt security update (amended)",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00014.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20190125-0002/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20190125-0002/"
            },
            {
              "name": "[infra-devnull] 20190404 [GitHub] [incubator-openwhisk-runtime-ballerina] falkzoll commented on issue #15: Update to new base image jdk8u202-b08_openj9-0.12.1.",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f@%3Cdevnull.infra.apache.org%3E"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
    "assignerShortName": "debian",
    "cveId": "CVE-2019-3462",
    "datePublished": "2019-01-28T21:00:00Z",
    "dateReserved": "2018-12-31T00:00:00",
    "dateUpdated": "2024-09-16T16:32:28.586Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-38199
Vulnerability from cvelistv5
Published
2021-08-08 19:27
Modified
2024-08-04 01:37
Severity ?
Summary
fs/nfs/nfs4client.c in the Linux kernel before 5.13.4 has incorrect connection-setup ordering, which allows operators of remote NFSv4 servers to cause a denial of service (hanging of mounts) by arranging for those servers to be unreachable during trunking detection.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T01:37:16.290Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/dd99e9f98fbf423ff6d365b37a98e8879170f17c"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210902-0010/"
          },
          {
            "name": "DSA-4978",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2021/dsa-4978"
          },
          {
            "name": "[debian-lts-announce] 20211015 [SECURITY] [DLA 2785-1] linux-4.19 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html"
          },
          {
            "name": "[debian-lts-announce] 20211216 [SECURITY] [DLA 2843-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "fs/nfs/nfs4client.c in the Linux kernel before 5.13.4 has incorrect connection-setup ordering, which allows operators of remote NFSv4 servers to cause a denial of service (hanging of mounts) by arranging for those servers to be unreachable during trunking detection."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-12-17T00:06:23",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/torvalds/linux/commit/dd99e9f98fbf423ff6d365b37a98e8879170f17c"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20210902-0010/"
        },
        {
          "name": "DSA-4978",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2021/dsa-4978"
        },
        {
          "name": "[debian-lts-announce] 20211015 [SECURITY] [DLA 2785-1] linux-4.19 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html"
        },
        {
          "name": "[debian-lts-announce] 20211216 [SECURITY] [DLA 2843-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-38199",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "fs/nfs/nfs4client.c in the Linux kernel before 5.13.4 has incorrect connection-setup ordering, which allows operators of remote NFSv4 servers to cause a denial of service (hanging of mounts) by arranging for those servers to be unreachable during trunking detection."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4",
              "refsource": "MISC",
              "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4"
            },
            {
              "name": "https://github.com/torvalds/linux/commit/dd99e9f98fbf423ff6d365b37a98e8879170f17c",
              "refsource": "MISC",
              "url": "https://github.com/torvalds/linux/commit/dd99e9f98fbf423ff6d365b37a98e8879170f17c"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20210902-0010/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20210902-0010/"
            },
            {
              "name": "DSA-4978",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2021/dsa-4978"
            },
            {
              "name": "[debian-lts-announce] 20211015 [SECURITY] [DLA 2785-1] linux-4.19 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html"
            },
            {
              "name": "[debian-lts-announce] 20211216 [SECURITY] [DLA 2843-1] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-38199",
    "datePublished": "2021-08-08T19:27:50",
    "dateReserved": "2021-08-08T00:00:00",
    "dateUpdated": "2024-08-04T01:37:16.290Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-1559
Vulnerability from cvelistv5
Published
2019-02-27 23:00
Modified
2024-09-17 04:20
Severity ?
Summary
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).
References
http://www.securityfocus.com/bid/107174vdb-entry, x_refsource_BID
https://security.gentoo.org/glsa/201903-10vendor-advisory, x_refsource_GENTOO
https://usn.ubuntu.com/3899-1/vendor-advisory, x_refsource_UBUNTU
https://lists.debian.org/debian-lts-announce/2019/03/msg00003.htmlmailing-list, x_refsource_MLIST
https://www.debian.org/security/2019/dsa-4400vendor-advisory, x_refsource_DEBIAN
http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.htmlvendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.htmlvendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.htmlvendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.htmlvendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.htmlvendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.htmlvendor-advisory, x_refsource_SUSE
https://access.redhat.com/errata/RHSA-2019:2304vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:2439vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:2437vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:2471vendor-advisory, x_refsource_REDHAT
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/vendor-advisory, x_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/vendor-advisory, x_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/vendor-advisory, x_refsource_FEDORA
https://access.redhat.com/errata/RHSA-2019:3929vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:3931vendor-advisory, x_refsource_REDHAT
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlx_refsource_MISC
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlx_refsource_MISC
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpujan2020.htmlx_refsource_MISC
https://usn.ubuntu.com/4376-2/vendor-advisory, x_refsource_UBUNTU
https://www.oracle.com/security-alerts/cpujan2021.htmlx_refsource_MISC
https://security.netapp.com/advisory/ntap-20190301-0001/x_refsource_CONFIRM
https://security.netapp.com/advisory/ntap-20190301-0002/x_refsource_CONFIRM
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8ex_refsource_CONFIRM
https://www.openssl.org/news/secadv/20190226.txtx_refsource_CONFIRM
https://support.f5.com/csp/article/K18549143x_refsource_CONFIRM
https://www.tenable.com/security/tns-2019-02x_refsource_CONFIRM
https://security.netapp.com/advisory/ntap-20190423-0002/x_refsource_CONFIRM
https://www.tenable.com/security/tns-2019-03x_refsource_CONFIRM
https://kc.mcafee.com/corporate/index?page=content&id=SB10282x_refsource_CONFIRM
https://support.f5.com/csp/article/K18549143?utm_source=f5support&amp%3Butm_medium=RSSx_refsource_CONFIRM
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T18:20:27.982Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "107174",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/107174"
          },
          {
            "name": "GLSA-201903-10",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201903-10"
          },
          {
            "name": "USN-3899-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3899-1/"
          },
          {
            "name": "[debian-lts-announce] 20190301 [SECURITY] [DLA 1701-1] openssl security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html"
          },
          {
            "name": "DSA-4400",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2019/dsa-4400"
          },
          {
            "name": "openSUSE-SU-2019:1076",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html"
          },
          {
            "name": "openSUSE-SU-2019:1105",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html"
          },
          {
            "name": "openSUSE-SU-2019:1173",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html"
          },
          {
            "name": "openSUSE-SU-2019:1175",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html"
          },
          {
            "name": "openSUSE-SU-2019:1432",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html"
          },
          {
            "name": "openSUSE-SU-2019:1637",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html"
          },
          {
            "name": "RHSA-2019:2304",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2304"
          },
          {
            "name": "RHSA-2019:2439",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2439"
          },
          {
            "name": "RHSA-2019:2437",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2437"
          },
          {
            "name": "RHSA-2019:2471",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2471"
          },
          {
            "name": "FEDORA-2019-db06efdea1",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/"
          },
          {
            "name": "FEDORA-2019-00c25b9379",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/"
          },
          {
            "name": "FEDORA-2019-9a0a7c0986",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/"
          },
          {
            "name": "RHSA-2019:3929",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3929"
          },
          {
            "name": "RHSA-2019:3931",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3931"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
          },
          {
            "name": "USN-4376-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4376-2/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190301-0001/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190301-0002/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20190226.txt"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.f5.com/csp/article/K18549143"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2019-02"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190423-0002/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2019-03"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10282"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.f5.com/csp/article/K18549143?utm_source=f5support\u0026amp%3Butm_medium=RSS"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "status": "affected",
              "version": "Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q)"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Juraj Somorovsky, Robert Merget and Nimrod Aviram, with additional investigation by Steven Collison and Andrew Hourselt"
        }
      ],
      "datePublic": "2019-02-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q)."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "lang": "eng",
              "url": "https://www.openssl.org/policies/secpolicy.html#Moderate",
              "value": "Moderate"
            },
            "type": "unknown"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Padding Oracle",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-20T14:42:01",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "name": "107174",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/107174"
        },
        {
          "name": "GLSA-201903-10",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201903-10"
        },
        {
          "name": "USN-3899-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3899-1/"
        },
        {
          "name": "[debian-lts-announce] 20190301 [SECURITY] [DLA 1701-1] openssl security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html"
        },
        {
          "name": "DSA-4400",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2019/dsa-4400"
        },
        {
          "name": "openSUSE-SU-2019:1076",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html"
        },
        {
          "name": "openSUSE-SU-2019:1105",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html"
        },
        {
          "name": "openSUSE-SU-2019:1173",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html"
        },
        {
          "name": "openSUSE-SU-2019:1175",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html"
        },
        {
          "name": "openSUSE-SU-2019:1432",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html"
        },
        {
          "name": "openSUSE-SU-2019:1637",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html"
        },
        {
          "name": "RHSA-2019:2304",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2304"
        },
        {
          "name": "RHSA-2019:2439",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2439"
        },
        {
          "name": "RHSA-2019:2437",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2437"
        },
        {
          "name": "RHSA-2019:2471",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2471"
        },
        {
          "name": "FEDORA-2019-db06efdea1",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/"
        },
        {
          "name": "FEDORA-2019-00c25b9379",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/"
        },
        {
          "name": "FEDORA-2019-9a0a7c0986",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/"
        },
        {
          "name": "RHSA-2019:3929",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3929"
        },
        {
          "name": "RHSA-2019:3931",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3931"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
        },
        {
          "name": "USN-4376-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4376-2/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20190301-0001/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20190301-0002/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.openssl.org/news/secadv/20190226.txt"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.f5.com/csp/article/K18549143"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tenable.com/security/tns-2019-02"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20190423-0002/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tenable.com/security/tns-2019-03"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10282"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.f5.com/csp/article/K18549143?utm_source=f5support\u0026amp%3Butm_medium=RSS"
        }
      ],
      "title": "0-byte record padding oracle",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "openssl-security@openssl.org",
          "DATE_PUBLIC": "2019-02-26",
          "ID": "CVE-2019-1559",
          "STATE": "PUBLIC",
          "TITLE": "0-byte record padding oracle"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "OpenSSL",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "OpenSSL"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Juraj Somorovsky, Robert Merget and Nimrod Aviram, with additional investigation by Steven Collison and Andrew Hourselt"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q)."
            }
          ]
        },
        "impact": [
          {
            "lang": "eng",
            "url": "https://www.openssl.org/policies/secpolicy.html#Moderate",
            "value": "Moderate"
          }
        ],
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Padding Oracle"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "107174",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/107174"
            },
            {
              "name": "GLSA-201903-10",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201903-10"
            },
            {
              "name": "USN-3899-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3899-1/"
            },
            {
              "name": "[debian-lts-announce] 20190301 [SECURITY] [DLA 1701-1] openssl security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html"
            },
            {
              "name": "DSA-4400",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2019/dsa-4400"
            },
            {
              "name": "openSUSE-SU-2019:1076",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html"
            },
            {
              "name": "openSUSE-SU-2019:1105",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html"
            },
            {
              "name": "openSUSE-SU-2019:1173",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html"
            },
            {
              "name": "openSUSE-SU-2019:1175",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html"
            },
            {
              "name": "openSUSE-SU-2019:1432",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html"
            },
            {
              "name": "openSUSE-SU-2019:1637",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html"
            },
            {
              "name": "RHSA-2019:2304",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2304"
            },
            {
              "name": "RHSA-2019:2439",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2439"
            },
            {
              "name": "RHSA-2019:2437",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2437"
            },
            {
              "name": "RHSA-2019:2471",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2471"
            },
            {
              "name": "FEDORA-2019-db06efdea1",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/"
            },
            {
              "name": "FEDORA-2019-00c25b9379",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/"
            },
            {
              "name": "FEDORA-2019-9a0a7c0986",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/"
            },
            {
              "name": "RHSA-2019:3929",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3929"
            },
            {
              "name": "RHSA-2019:3931",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3931"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
            },
            {
              "name": "USN-4376-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4376-2/"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20190301-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20190301-0001/"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20190301-0002/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20190301-0002/"
            },
            {
              "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e",
              "refsource": "CONFIRM",
              "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e"
            },
            {
              "name": "https://www.openssl.org/news/secadv/20190226.txt",
              "refsource": "CONFIRM",
              "url": "https://www.openssl.org/news/secadv/20190226.txt"
            },
            {
              "name": "https://support.f5.com/csp/article/K18549143",
              "refsource": "CONFIRM",
              "url": "https://support.f5.com/csp/article/K18549143"
            },
            {
              "name": "https://www.tenable.com/security/tns-2019-02",
              "refsource": "CONFIRM",
              "url": "https://www.tenable.com/security/tns-2019-02"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20190423-0002/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20190423-0002/"
            },
            {
              "name": "https://www.tenable.com/security/tns-2019-03",
              "refsource": "CONFIRM",
              "url": "https://www.tenable.com/security/tns-2019-03"
            },
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10282",
              "refsource": "CONFIRM",
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10282"
            },
            {
              "name": "https://support.f5.com/csp/article/K18549143?utm_source=f5support\u0026amp;utm_medium=RSS",
              "refsource": "CONFIRM",
              "url": "https://support.f5.com/csp/article/K18549143?utm_source=f5support\u0026amp;utm_medium=RSS"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2019-1559",
    "datePublished": "2019-02-27T23:00:00Z",
    "dateReserved": "2018-11-28T00:00:00",
    "dateUpdated": "2024-09-17T04:20:35.057Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-10193
Vulnerability from cvelistv5
Published
2017-08-08 15:00
Modified
2024-10-04 17:10
Severity ?
Summary
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N).
References
http://www.securityfocus.com/bid/99854vdb-entry, x_refsource_BID
https://access.redhat.com/errata/RHSA-2017:1791vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:1790vendor-advisory, x_refsource_REDHAT
https://security.netapp.com/advisory/ntap-20170720-0001/x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2017:1789vendor-advisory, x_refsource_REDHAT
http://www.securitytracker.com/id/1038931vdb-entry, x_refsource_SECTRACK
https://access.redhat.com/errata/RHSA-2017:1792vendor-advisory, x_refsource_REDHAT
https://security.gentoo.org/glsa/201709-22vendor-advisory, x_refsource_GENTOO
http://www.debian.org/security/2017/dsa-3919vendor-advisory, x_refsource_DEBIAN
http://www.debian.org/security/2017/dsa-3954vendor-advisory, x_refsource_DEBIAN
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlx_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2017:3392vendor-advisory, x_refsource_REDHAT
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T17:33:16.953Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "99854",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/99854"
          },
          {
            "name": "RHSA-2017:1791",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1791"
          },
          {
            "name": "RHSA-2017:1790",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1790"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
          },
          {
            "name": "RHSA-2017:1789",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1789"
          },
          {
            "name": "1038931",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038931"
          },
          {
            "name": "RHSA-2017:1792",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1792"
          },
          {
            "name": "GLSA-201709-22",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201709-22"
          },
          {
            "name": "DSA-3919",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3919"
          },
          {
            "name": "DSA-3954",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3954"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
          },
          {
            "name": "RHSA-2017:3392",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3392"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2017-10193",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-04T15:50:40.905859Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-04T17:10:32.958Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 6u151"
            },
            {
              "status": "affected",
              "version": "7u141"
            },
            {
              "status": "affected",
              "version": "8u131; Java SE Embedded: 8u131"
            }
          ]
        }
      ],
      "datePublic": "2017-07-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.  Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in  unauthorized read access to a subset of Java SE, Java SE Embedded accessible data.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "99854",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/99854"
        },
        {
          "name": "RHSA-2017:1791",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1791"
        },
        {
          "name": "RHSA-2017:1790",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1790"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
        },
        {
          "name": "RHSA-2017:1789",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1789"
        },
        {
          "name": "1038931",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038931"
        },
        {
          "name": "RHSA-2017:1792",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1792"
        },
        {
          "name": "GLSA-201709-22",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201709-22"
        },
        {
          "name": "DSA-3919",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3919"
        },
        {
          "name": "DSA-3954",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3954"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
        },
        {
          "name": "RHSA-2017:3392",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3392"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2017-10193",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 6u151"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7u141"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8u131; Java SE Embedded: 8u131"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.  Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in  unauthorized read access to a subset of Java SE, Java SE Embedded accessible data."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "99854",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/99854"
            },
            {
              "name": "RHSA-2017:1791",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1791"
            },
            {
              "name": "RHSA-2017:1790",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1790"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20170720-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
            },
            {
              "name": "RHSA-2017:1789",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1789"
            },
            {
              "name": "1038931",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038931"
            },
            {
              "name": "RHSA-2017:1792",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1792"
            },
            {
              "name": "GLSA-201709-22",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201709-22"
            },
            {
              "name": "DSA-3919",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3919"
            },
            {
              "name": "DSA-3954",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3954"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
            },
            {
              "name": "RHSA-2017:3392",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3392"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2017-10193",
    "datePublished": "2017-08-08T15:00:00",
    "dateReserved": "2017-06-21T00:00:00",
    "dateUpdated": "2024-10-04T17:10:32.958Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-17182
Vulnerability from cvelistv5
Published
2018-09-19 09:00
Modified
2024-08-05 10:39
Severity ?
Summary
An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T10:39:59.702Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-3776-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3776-1/"
          },
          {
            "name": "USN-3776-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3776-2/"
          },
          {
            "name": "USN-3777-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3777-1/"
          },
          {
            "name": "[debian-lts-announce] 20181003 [SECURITY] [DLA 1531-1] linux-4.9 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190204-0001/"
          },
          {
            "name": "RHSA-2018:3656",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3656"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/7a9cdebdcc17e426fb5287e4a82db1dfe86339b2"
          },
          {
            "name": "DSA-4308",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4308"
          },
          {
            "name": "105417",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/105417"
          },
          {
            "name": "45497",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/45497/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.openwall.com/lists/oss-security/2018/09/18/4"
          },
          {
            "name": "1041748",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041748"
          },
          {
            "name": "USN-3777-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3777-2/"
          },
          {
            "name": "106503",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/106503"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7a9cdebdcc17e426fb5287e4a82db1dfe86339b2"
          },
          {
            "name": "USN-3777-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3777-3/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-09-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-02-05T10:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "USN-3776-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3776-1/"
        },
        {
          "name": "USN-3776-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3776-2/"
        },
        {
          "name": "USN-3777-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3777-1/"
        },
        {
          "name": "[debian-lts-announce] 20181003 [SECURITY] [DLA 1531-1] linux-4.9 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20190204-0001/"
        },
        {
          "name": "RHSA-2018:3656",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3656"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/torvalds/linux/commit/7a9cdebdcc17e426fb5287e4a82db1dfe86339b2"
        },
        {
          "name": "DSA-4308",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4308"
        },
        {
          "name": "105417",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/105417"
        },
        {
          "name": "45497",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/45497/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.openwall.com/lists/oss-security/2018/09/18/4"
        },
        {
          "name": "1041748",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1041748"
        },
        {
          "name": "USN-3777-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3777-2/"
        },
        {
          "name": "106503",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/106503"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7a9cdebdcc17e426fb5287e4a82db1dfe86339b2"
        },
        {
          "name": "USN-3777-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3777-3/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-17182",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "USN-3776-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3776-1/"
            },
            {
              "name": "USN-3776-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3776-2/"
            },
            {
              "name": "USN-3777-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3777-1/"
            },
            {
              "name": "[debian-lts-announce] 20181003 [SECURITY] [DLA 1531-1] linux-4.9 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20190204-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20190204-0001/"
            },
            {
              "name": "RHSA-2018:3656",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3656"
            },
            {
              "name": "https://github.com/torvalds/linux/commit/7a9cdebdcc17e426fb5287e4a82db1dfe86339b2",
              "refsource": "MISC",
              "url": "https://github.com/torvalds/linux/commit/7a9cdebdcc17e426fb5287e4a82db1dfe86339b2"
            },
            {
              "name": "DSA-4308",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4308"
            },
            {
              "name": "105417",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/105417"
            },
            {
              "name": "45497",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/45497/"
            },
            {
              "name": "https://www.openwall.com/lists/oss-security/2018/09/18/4",
              "refsource": "MISC",
              "url": "https://www.openwall.com/lists/oss-security/2018/09/18/4"
            },
            {
              "name": "1041748",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1041748"
            },
            {
              "name": "USN-3777-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3777-2/"
            },
            {
              "name": "106503",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/106503"
            },
            {
              "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7a9cdebdcc17e426fb5287e4a82db1dfe86339b2",
              "refsource": "MISC",
              "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7a9cdebdcc17e426fb5287e4a82db1dfe86339b2"
            },
            {
              "name": "USN-3777-3",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3777-3/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-17182",
    "datePublished": "2018-09-19T09:00:00",
    "dateReserved": "2018-09-19T00:00:00",
    "dateUpdated": "2024-08-05T10:39:59.702Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-12769
Vulnerability from cvelistv5
Published
2020-05-09 20:16
Modified
2024-08-04 12:04
Severity ?
Summary
An issue was discovered in the Linux kernel before 5.4.17. drivers/spi/spi-dw.c allows attackers to cause a panic via concurrent calls to dw_spi_irq and dw_spi_transfer_one, aka CID-19b61392c5a8.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:04:22.954Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://lkml.org/lkml/2020/2/3/559"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=19b61392c5a852b4e8a0bf35aecb969983c5932d"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.17"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
          },
          {
            "name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
          },
          {
            "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
          },
          {
            "name": "openSUSE-SU-2020:0801",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html"
          },
          {
            "name": "USN-4391-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4391-1/"
          },
          {
            "name": "openSUSE-SU-2020:0935",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in the Linux kernel before 5.4.17. drivers/spi/spi-dw.c allows attackers to cause a panic via concurrent calls to dw_spi_irq and dw_spi_transfer_one, aka CID-19b61392c5a8."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-07T05:06:13",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://lkml.org/lkml/2020/2/3/559"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=19b61392c5a852b4e8a0bf35aecb969983c5932d"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.17"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
        },
        {
          "name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
        },
        {
          "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
        },
        {
          "name": "openSUSE-SU-2020:0801",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html"
        },
        {
          "name": "USN-4391-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4391-1/"
        },
        {
          "name": "openSUSE-SU-2020:0935",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-12769",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in the Linux kernel before 5.4.17. drivers/spi/spi-dw.c allows attackers to cause a panic via concurrent calls to dw_spi_irq and dw_spi_transfer_one, aka CID-19b61392c5a8."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://lkml.org/lkml/2020/2/3/559",
              "refsource": "CONFIRM",
              "url": "https://lkml.org/lkml/2020/2/3/559"
            },
            {
              "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=19b61392c5a852b4e8a0bf35aecb969983c5932d",
              "refsource": "CONFIRM",
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=19b61392c5a852b4e8a0bf35aecb969983c5932d"
            },
            {
              "name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.17",
              "refsource": "CONFIRM",
              "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.17"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200608-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
            },
            {
              "name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
            },
            {
              "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
            },
            {
              "name": "openSUSE-SU-2020:0801",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html"
            },
            {
              "name": "USN-4391-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4391-1/"
            },
            {
              "name": "openSUSE-SU-2020:0935",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-12769",
    "datePublished": "2020-05-09T20:16:45",
    "dateReserved": "2020-05-09T00:00:00",
    "dateUpdated": "2024-08-04T12:04:22.954Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-10356
Vulnerability from cvelistv5
Published
2017-10-19 17:00
Modified
2024-10-04 16:48
Severity ?
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, Java SE Embedded, JRockit executes to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
References
https://access.redhat.com/errata/RHSA-2017:3047vendor-advisory, x_refsource_REDHAT
https://security.gentoo.org/glsa/201711-14vendor-advisory, x_refsource_GENTOO
http://www.securityfocus.com/bid/101413vdb-entry, x_refsource_BID
https://www.debian.org/security/2017/dsa-4015vendor-advisory, x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2017:3267vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:2998vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:3268vendor-advisory, x_refsource_REDHAT
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlx_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2017:3046vendor-advisory, x_refsource_REDHAT
http://www.securitytracker.com/id/1039596vdb-entry, x_refsource_SECTRACK
https://security.gentoo.org/glsa/201710-31vendor-advisory, x_refsource_GENTOO
https://access.redhat.com/errata/RHSA-2017:3264vendor-advisory, x_refsource_REDHAT
https://www.debian.org/security/2017/dsa-4048vendor-advisory, x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2017:3453vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:3392vendor-advisory, x_refsource_REDHAT
https://lists.debian.org/debian-lts-announce/2017/11/msg00033.htmlmailing-list, x_refsource_MLIST
https://security.netapp.com/advisory/ntap-20171019-0001/x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2017:2999vendor-advisory, x_refsource_REDHAT
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T17:41:55.360Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2017:3047",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3047"
          },
          {
            "name": "GLSA-201711-14",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201711-14"
          },
          {
            "name": "101413",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/101413"
          },
          {
            "name": "DSA-4015",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2017/dsa-4015"
          },
          {
            "name": "RHSA-2017:3267",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3267"
          },
          {
            "name": "RHSA-2017:2998",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2998"
          },
          {
            "name": "RHSA-2017:3268",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3268"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "name": "RHSA-2017:3046",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3046"
          },
          {
            "name": "1039596",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039596"
          },
          {
            "name": "GLSA-201710-31",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201710-31"
          },
          {
            "name": "RHSA-2017:3264",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3264"
          },
          {
            "name": "DSA-4048",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2017/dsa-4048"
          },
          {
            "name": "RHSA-2017:3453",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3453"
          },
          {
            "name": "RHSA-2017:3392",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3392"
          },
          {
            "name": "[debian-lts-announce] 20171123 [SECURITY] [DLA 1187-1] openjdk-7 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20171019-0001/"
          },
          {
            "name": "RHSA-2017:2999",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2999"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2017-10356",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-04T15:43:31.766242Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-04T16:48:24.887Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 6u161"
            },
            {
              "status": "affected",
              "version": "7u151"
            },
            {
              "status": "affected",
              "version": "8u144"
            },
            {
              "status": "affected",
              "version": "9; Java SE Embedded: 8u144; JRockit: R28.3.15"
            }
          ]
        }
      ],
      "datePublic": "2017-10-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, Java SE Embedded, JRockit executes to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, Java SE Embedded, JRockit executes to compromise Java SE, Java SE Embedded, JRockit.  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-02-02T10:57:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "RHSA-2017:3047",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3047"
        },
        {
          "name": "GLSA-201711-14",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201711-14"
        },
        {
          "name": "101413",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/101413"
        },
        {
          "name": "DSA-4015",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2017/dsa-4015"
        },
        {
          "name": "RHSA-2017:3267",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3267"
        },
        {
          "name": "RHSA-2017:2998",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2998"
        },
        {
          "name": "RHSA-2017:3268",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3268"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "name": "RHSA-2017:3046",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3046"
        },
        {
          "name": "1039596",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039596"
        },
        {
          "name": "GLSA-201710-31",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201710-31"
        },
        {
          "name": "RHSA-2017:3264",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3264"
        },
        {
          "name": "DSA-4048",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2017/dsa-4048"
        },
        {
          "name": "RHSA-2017:3453",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3453"
        },
        {
          "name": "RHSA-2017:3392",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3392"
        },
        {
          "name": "[debian-lts-announce] 20171123 [SECURITY] [DLA 1187-1] openjdk-7 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20171019-0001/"
        },
        {
          "name": "RHSA-2017:2999",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2999"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2017-10356",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 6u161"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7u151"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8u144"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "9; Java SE Embedded: 8u144; JRockit: R28.3.15"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, Java SE Embedded, JRockit executes to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, Java SE Embedded, JRockit executes to compromise Java SE, Java SE Embedded, JRockit.  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2017:3047",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3047"
            },
            {
              "name": "GLSA-201711-14",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201711-14"
            },
            {
              "name": "101413",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/101413"
            },
            {
              "name": "DSA-4015",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2017/dsa-4015"
            },
            {
              "name": "RHSA-2017:3267",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3267"
            },
            {
              "name": "RHSA-2017:2998",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2998"
            },
            {
              "name": "RHSA-2017:3268",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3268"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
            },
            {
              "name": "RHSA-2017:3046",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3046"
            },
            {
              "name": "1039596",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039596"
            },
            {
              "name": "GLSA-201710-31",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201710-31"
            },
            {
              "name": "RHSA-2017:3264",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3264"
            },
            {
              "name": "DSA-4048",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2017/dsa-4048"
            },
            {
              "name": "RHSA-2017:3453",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3453"
            },
            {
              "name": "RHSA-2017:3392",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3392"
            },
            {
              "name": "[debian-lts-announce] 20171123 [SECURITY] [DLA 1187-1] openjdk-7 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20171019-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20171019-0001/"
            },
            {
              "name": "RHSA-2017:2999",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2999"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2017-10356",
    "datePublished": "2017-10-19T17:00:00",
    "dateReserved": "2017-06-21T00:00:00",
    "dateUpdated": "2024-10-04T16:48:24.887Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-10074
Vulnerability from cvelistv5
Published
2017-08-08 15:00
Modified
2024-10-04 19:07
Severity ?
Summary
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
References
https://access.redhat.com/errata/RHSA-2017:1791vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:1790vendor-advisory, x_refsource_REDHAT
https://security.netapp.com/advisory/ntap-20170720-0001/x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2017:1789vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:2424vendor-advisory, x_refsource_REDHAT
http://www.securitytracker.com/id/1038931vdb-entry, x_refsource_SECTRACK
https://access.redhat.com/errata/RHSA-2017:1792vendor-advisory, x_refsource_REDHAT
https://security.gentoo.org/glsa/201709-22vendor-advisory, x_refsource_GENTOO
http://www.debian.org/security/2017/dsa-3919vendor-advisory, x_refsource_DEBIAN
http://www.debian.org/security/2017/dsa-3954vendor-advisory, x_refsource_DEBIAN
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlx_refsource_CONFIRM
http://www.securityfocus.com/bid/99731vdb-entry, x_refsource_BID
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T17:25:00.983Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2017:1791",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1791"
          },
          {
            "name": "RHSA-2017:1790",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1790"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
          },
          {
            "name": "RHSA-2017:1789",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1789"
          },
          {
            "name": "RHSA-2017:2424",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2424"
          },
          {
            "name": "1038931",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038931"
          },
          {
            "name": "RHSA-2017:1792",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1792"
          },
          {
            "name": "GLSA-201709-22",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201709-22"
          },
          {
            "name": "DSA-3919",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3919"
          },
          {
            "name": "DSA-3954",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3954"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
          },
          {
            "name": "99731",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/99731"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2017-10074",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-04T15:39:50.651137Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-04T19:07:13.399Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 6u151"
            },
            {
              "status": "affected",
              "version": "7u141"
            },
            {
              "status": "affected",
              "version": "8u131; Java SE Embedded: 8u131"
            }
          ]
        }
      ],
      "datePublic": "2017-07-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "RHSA-2017:1791",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1791"
        },
        {
          "name": "RHSA-2017:1790",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1790"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
        },
        {
          "name": "RHSA-2017:1789",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1789"
        },
        {
          "name": "RHSA-2017:2424",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2424"
        },
        {
          "name": "1038931",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038931"
        },
        {
          "name": "RHSA-2017:1792",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1792"
        },
        {
          "name": "GLSA-201709-22",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201709-22"
        },
        {
          "name": "DSA-3919",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3919"
        },
        {
          "name": "DSA-3954",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3954"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
        },
        {
          "name": "99731",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/99731"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2017-10074",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 6u151"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7u141"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8u131; Java SE Embedded: 8u131"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2017:1791",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1791"
            },
            {
              "name": "RHSA-2017:1790",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1790"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20170720-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
            },
            {
              "name": "RHSA-2017:1789",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1789"
            },
            {
              "name": "RHSA-2017:2424",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2424"
            },
            {
              "name": "1038931",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038931"
            },
            {
              "name": "RHSA-2017:1792",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1792"
            },
            {
              "name": "GLSA-201709-22",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201709-22"
            },
            {
              "name": "DSA-3919",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3919"
            },
            {
              "name": "DSA-3954",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3954"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
            },
            {
              "name": "99731",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/99731"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2017-10074",
    "datePublished": "2017-08-08T15:00:00",
    "dateReserved": "2017-06-21T00:00:00",
    "dateUpdated": "2024-10-04T19:07:13.399Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-7182
Vulnerability from cvelistv5
Published
2018-03-06 20:00
Modified
2024-08-05 06:24
Severity ?
Summary
The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mode 6 packet with a ntpd instance from 4.2.8p6 through 4.2.8p10.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:24:10.330Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/146631/Slackware-Security-Advisory-ntp-Updates.html"
          },
          {
            "name": "GLSA-201805-12",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201805-12"
          },
          {
            "name": "FreeBSD-SA-18:02",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.asc"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20180626-0001/"
          },
          {
            "name": "20180301 [Newsletter/Marketing] [slackware-security] ntp (SSA:2018-060-02)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/541824/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.ntp.org/bin/view/Main/NtpBug3412"
          },
          {
            "name": "USN-3707-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3707-1/"
          },
          {
            "name": "45846",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/45846/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.synology.com/support/security/Synology_SA_18_13"
          },
          {
            "name": "103191",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/103191"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-02-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mode 6 packet with a ntpd instance from 4.2.8p6 through 4.2.8p10."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-10-31T18:06:18",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/146631/Slackware-Security-Advisory-ntp-Updates.html"
        },
        {
          "name": "GLSA-201805-12",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201805-12"
        },
        {
          "name": "FreeBSD-SA-18:02",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.asc"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20180626-0001/"
        },
        {
          "name": "20180301 [Newsletter/Marketing] [slackware-security] ntp (SSA:2018-060-02)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/541824/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.ntp.org/bin/view/Main/NtpBug3412"
        },
        {
          "name": "USN-3707-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3707-1/"
        },
        {
          "name": "45846",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/45846/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.synology.com/support/security/Synology_SA_18_13"
        },
        {
          "name": "103191",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/103191"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-7182",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mode 6 packet with a ntpd instance from 4.2.8p6 through 4.2.8p10."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://packetstormsecurity.com/files/146631/Slackware-Security-Advisory-ntp-Updates.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/146631/Slackware-Security-Advisory-ntp-Updates.html"
            },
            {
              "name": "GLSA-201805-12",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201805-12"
            },
            {
              "name": "FreeBSD-SA-18:02",
              "refsource": "FREEBSD",
              "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.asc"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20180626-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20180626-0001/"
            },
            {
              "name": "20180301 [Newsletter/Marketing] [slackware-security] ntp (SSA:2018-060-02)",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/541824/100/0/threaded"
            },
            {
              "name": "http://support.ntp.org/bin/view/Main/NtpBug3412",
              "refsource": "CONFIRM",
              "url": "http://support.ntp.org/bin/view/Main/NtpBug3412"
            },
            {
              "name": "USN-3707-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3707-1/"
            },
            {
              "name": "45846",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/45846/"
            },
            {
              "name": "https://www.synology.com/support/security/Synology_SA_18_13",
              "refsource": "CONFIRM",
              "url": "https://www.synology.com/support/security/Synology_SA_18_13"
            },
            {
              "name": "103191",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/103191"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-7182",
    "datePublished": "2018-03-06T20:00:00",
    "dateReserved": "2018-02-16T00:00:00",
    "dateUpdated": "2024-08-05T06:24:10.330Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-10355
Vulnerability from cvelistv5
Published
2017-10-19 17:00
Modified
2024-10-04 16:48
Severity ?
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
https://access.redhat.com/errata/RHSA-2017:3047vendor-advisory, x_refsource_REDHAT
https://security.gentoo.org/glsa/201711-14vendor-advisory, x_refsource_GENTOO
https://www.debian.org/security/2017/dsa-4015vendor-advisory, x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2017:3267vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:2998vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:3268vendor-advisory, x_refsource_REDHAT
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlx_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2017:3046vendor-advisory, x_refsource_REDHAT
http://www.securitytracker.com/id/1039596vdb-entry, x_refsource_SECTRACK
https://security.gentoo.org/glsa/201710-31vendor-advisory, x_refsource_GENTOO
https://access.redhat.com/errata/RHSA-2017:3264vendor-advisory, x_refsource_REDHAT
https://www.debian.org/security/2017/dsa-4048vendor-advisory, x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2017:3453vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:3392vendor-advisory, x_refsource_REDHAT
https://lists.debian.org/debian-lts-announce/2017/11/msg00033.htmlmailing-list, x_refsource_MLIST
https://security.netapp.com/advisory/ntap-20171019-0001/x_refsource_CONFIRM
http://www.securityfocus.com/bid/101369vdb-entry, x_refsource_BID
https://access.redhat.com/errata/RHSA-2017:2999vendor-advisory, x_refsource_REDHAT
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T17:41:55.425Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2017:3047",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3047"
          },
          {
            "name": "GLSA-201711-14",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201711-14"
          },
          {
            "name": "DSA-4015",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2017/dsa-4015"
          },
          {
            "name": "RHSA-2017:3267",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3267"
          },
          {
            "name": "RHSA-2017:2998",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2998"
          },
          {
            "name": "RHSA-2017:3268",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3268"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "name": "RHSA-2017:3046",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3046"
          },
          {
            "name": "1039596",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039596"
          },
          {
            "name": "GLSA-201710-31",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201710-31"
          },
          {
            "name": "RHSA-2017:3264",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3264"
          },
          {
            "name": "DSA-4048",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2017/dsa-4048"
          },
          {
            "name": "RHSA-2017:3453",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3453"
          },
          {
            "name": "RHSA-2017:3392",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3392"
          },
          {
            "name": "[debian-lts-announce] 20171123 [SECURITY] [DLA 1187-1] openjdk-7 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20171019-0001/"
          },
          {
            "name": "101369",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/101369"
          },
          {
            "name": "RHSA-2017:2999",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2999"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2017-10355",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-04T15:35:22.324398Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-04T16:48:32.115Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 6u161"
            },
            {
              "status": "affected",
              "version": "7u151"
            },
            {
              "status": "affected",
              "version": "8u144"
            },
            {
              "status": "affected",
              "version": "9; Java SE Embedded: 8u144; JRockit: R28.3.15"
            }
          ]
        }
      ],
      "datePublic": "2017-10-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-02-02T10:57:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "RHSA-2017:3047",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3047"
        },
        {
          "name": "GLSA-201711-14",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201711-14"
        },
        {
          "name": "DSA-4015",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2017/dsa-4015"
        },
        {
          "name": "RHSA-2017:3267",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3267"
        },
        {
          "name": "RHSA-2017:2998",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2998"
        },
        {
          "name": "RHSA-2017:3268",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3268"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "name": "RHSA-2017:3046",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3046"
        },
        {
          "name": "1039596",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039596"
        },
        {
          "name": "GLSA-201710-31",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201710-31"
        },
        {
          "name": "RHSA-2017:3264",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3264"
        },
        {
          "name": "DSA-4048",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2017/dsa-4048"
        },
        {
          "name": "RHSA-2017:3453",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3453"
        },
        {
          "name": "RHSA-2017:3392",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3392"
        },
        {
          "name": "[debian-lts-announce] 20171123 [SECURITY] [DLA 1187-1] openjdk-7 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20171019-0001/"
        },
        {
          "name": "101369",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/101369"
        },
        {
          "name": "RHSA-2017:2999",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2999"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2017-10355",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 6u161"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7u151"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8u144"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "9; Java SE Embedded: 8u144; JRockit: R28.3.15"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2017:3047",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3047"
            },
            {
              "name": "GLSA-201711-14",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201711-14"
            },
            {
              "name": "DSA-4015",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2017/dsa-4015"
            },
            {
              "name": "RHSA-2017:3267",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3267"
            },
            {
              "name": "RHSA-2017:2998",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2998"
            },
            {
              "name": "RHSA-2017:3268",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3268"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
            },
            {
              "name": "RHSA-2017:3046",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3046"
            },
            {
              "name": "1039596",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039596"
            },
            {
              "name": "GLSA-201710-31",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201710-31"
            },
            {
              "name": "RHSA-2017:3264",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3264"
            },
            {
              "name": "DSA-4048",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2017/dsa-4048"
            },
            {
              "name": "RHSA-2017:3453",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3453"
            },
            {
              "name": "RHSA-2017:3392",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3392"
            },
            {
              "name": "[debian-lts-announce] 20171123 [SECURITY] [DLA 1187-1] openjdk-7 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20171019-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20171019-0001/"
            },
            {
              "name": "101369",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/101369"
            },
            {
              "name": "RHSA-2017:2999",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2999"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2017-10355",
    "datePublished": "2017-10-19T17:00:00",
    "dateReserved": "2017-06-21T00:00:00",
    "dateUpdated": "2024-10-04T16:48:32.115Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-0735
Vulnerability from cvelistv5
Published
2018-10-29 13:00
Modified
2024-09-16 19:10
Severity ?
Summary
The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1).
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:35:49.247Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=56fb454d281a023b3f950d969693553d3f3ceea1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
          },
          {
            "name": "105750",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/105750"
          },
          {
            "name": "USN-3840-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3840-1/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20181105-0002/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/"
          },
          {
            "name": "1041986",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041986"
          },
          {
            "name": "[debian-lts-announce] 20181121 [SECURITY] [DLA 1586-1] openssl security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html"
          },
          {
            "name": "DSA-4348",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4348"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=b1d6d55ece1c26fa2829e2b819b038d7b6d692b4"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20181029.txt"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
          },
          {
            "name": "RHSA-2019:3700",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3700"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "status": "affected",
              "version": "Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i)"
            },
            {
              "status": "affected",
              "version": "Fixed in OpenSSL 1.1.1a (Affected 1.1.1)"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Samuel Weiser"
        }
      ],
      "datePublic": "2018-10-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1)."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "lang": "eng",
              "url": "https://www.openssl.org/policies/secpolicy.html#Low",
              "value": "Low"
            },
            "type": "unknown"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Constant time issue",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-15T19:15:21",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=56fb454d281a023b3f950d969693553d3f3ceea1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
        },
        {
          "name": "105750",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/105750"
        },
        {
          "name": "USN-3840-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3840-1/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20181105-0002/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/"
        },
        {
          "name": "1041986",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1041986"
        },
        {
          "name": "[debian-lts-announce] 20181121 [SECURITY] [DLA 1586-1] openssl security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html"
        },
        {
          "name": "DSA-4348",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4348"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=b1d6d55ece1c26fa2829e2b819b038d7b6d692b4"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.openssl.org/news/secadv/20181029.txt"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
        },
        {
          "name": "RHSA-2019:3700",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3700"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
        }
      ],
      "title": "Timing attack against ECDSA signature generation",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "openssl-security@openssl.org",
          "DATE_PUBLIC": "2018-10-29",
          "ID": "CVE-2018-0735",
          "STATE": "PUBLIC",
          "TITLE": "Timing attack against ECDSA signature generation"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "OpenSSL",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i)"
                          },
                          {
                            "version_value": "Fixed in OpenSSL 1.1.1a (Affected 1.1.1)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "OpenSSL"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Samuel Weiser"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1)."
            }
          ]
        },
        "impact": [
          {
            "lang": "eng",
            "url": "https://www.openssl.org/policies/secpolicy.html#Low",
            "value": "Low"
          }
        ],
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Constant time issue"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=56fb454d281a023b3f950d969693553d3f3ceea1",
              "refsource": "CONFIRM",
              "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=56fb454d281a023b3f950d969693553d3f3ceea1"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
              "refsource": "CONFIRM",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
            },
            {
              "name": "105750",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/105750"
            },
            {
              "name": "USN-3840-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3840-1/"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20181105-0002/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20181105-0002/"
            },
            {
              "name": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/",
              "refsource": "CONFIRM",
              "url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/"
            },
            {
              "name": "1041986",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1041986"
            },
            {
              "name": "[debian-lts-announce] 20181121 [SECURITY] [DLA 1586-1] openssl security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html"
            },
            {
              "name": "DSA-4348",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4348"
            },
            {
              "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b1d6d55ece1c26fa2829e2b819b038d7b6d692b4",
              "refsource": "CONFIRM",
              "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b1d6d55ece1c26fa2829e2b819b038d7b6d692b4"
            },
            {
              "name": "https://www.openssl.org/news/secadv/20181029.txt",
              "refsource": "CONFIRM",
              "url": "https://www.openssl.org/news/secadv/20181029.txt"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
            },
            {
              "name": "RHSA-2019:3700",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3700"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2018-0735",
    "datePublished": "2018-10-29T13:00:00Z",
    "dateReserved": "2017-11-30T00:00:00",
    "dateUpdated": "2024-09-16T19:10:32.005Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-10309
Vulnerability from cvelistv5
Published
2017-10-19 17:00
Modified
2024-10-04 16:53
Severity ?
Summary
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 8u144 and 9. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L).
References
http://www.securityfocus.com/bid/101328vdb-entry, x_refsource_BID
https://access.redhat.com/errata/RHSA-2017:3267vendor-advisory, x_refsource_REDHAT
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlx_refsource_CONFIRM
http://www.securitytracker.com/id/1039596vdb-entry, x_refsource_SECTRACK
https://www.exploit-db.com/exploits/43103/exploit, x_refsource_EXPLOIT-DB
https://security.gentoo.org/glsa/201710-31vendor-advisory, x_refsource_GENTOO
https://access.redhat.com/errata/RHSA-2017:3264vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:3453vendor-advisory, x_refsource_REDHAT
https://security.netapp.com/advisory/ntap-20171019-0001/x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2017:2999vendor-advisory, x_refsource_REDHAT
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T17:41:54.649Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "101328",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/101328"
          },
          {
            "name": "RHSA-2017:3267",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3267"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "name": "1039596",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039596"
          },
          {
            "name": "43103",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/43103/"
          },
          {
            "name": "GLSA-201710-31",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201710-31"
          },
          {
            "name": "RHSA-2017:3264",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3264"
          },
          {
            "name": "RHSA-2017:3453",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3453"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20171019-0001/"
          },
          {
            "name": "RHSA-2017:2999",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2999"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2017-10309",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-04T15:45:13.387759Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-04T16:53:38.783Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 8u144"
            },
            {
              "status": "affected",
              "version": "9"
            }
          ]
        }
      ],
      "datePublic": "2017-10-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 8u144 and 9. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Java SE accessible data as well as  unauthorized read access to a subset of Java SE accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-12-14T10:57:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "101328",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/101328"
        },
        {
          "name": "RHSA-2017:3267",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3267"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "name": "1039596",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039596"
        },
        {
          "name": "43103",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/43103/"
        },
        {
          "name": "GLSA-201710-31",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201710-31"
        },
        {
          "name": "RHSA-2017:3264",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3264"
        },
        {
          "name": "RHSA-2017:3453",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3453"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20171019-0001/"
        },
        {
          "name": "RHSA-2017:2999",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2999"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2017-10309",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 8u144"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "9"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 8u144 and 9. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Java SE accessible data as well as  unauthorized read access to a subset of Java SE accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "101328",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/101328"
            },
            {
              "name": "RHSA-2017:3267",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3267"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
            },
            {
              "name": "1039596",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039596"
            },
            {
              "name": "43103",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/43103/"
            },
            {
              "name": "GLSA-201710-31",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201710-31"
            },
            {
              "name": "RHSA-2017:3264",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3264"
            },
            {
              "name": "RHSA-2017:3453",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3453"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20171019-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20171019-0001/"
            },
            {
              "name": "RHSA-2017:2999",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2999"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2017-10309",
    "datePublished": "2017-10-19T17:00:00",
    "dateReserved": "2017-06-21T00:00:00",
    "dateUpdated": "2024-10-04T16:53:38.783Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-10348
Vulnerability from cvelistv5
Published
2017-10-19 17:00
Modified
2024-10-04 16:49
Severity ?
Summary
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
https://access.redhat.com/errata/RHSA-2017:3047vendor-advisory, x_refsource_REDHAT
https://security.gentoo.org/glsa/201711-14vendor-advisory, x_refsource_GENTOO
https://www.debian.org/security/2017/dsa-4015vendor-advisory, x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2017:3267vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:2998vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:3268vendor-advisory, x_refsource_REDHAT
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlx_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2017:3046vendor-advisory, x_refsource_REDHAT
http://www.securityfocus.com/bid/101354vdb-entry, x_refsource_BID
http://www.securitytracker.com/id/1039596vdb-entry, x_refsource_SECTRACK
https://security.gentoo.org/glsa/201710-31vendor-advisory, x_refsource_GENTOO
https://access.redhat.com/errata/RHSA-2017:3264vendor-advisory, x_refsource_REDHAT
https://www.debian.org/security/2017/dsa-4048vendor-advisory, x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2017:3453vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:3392vendor-advisory, x_refsource_REDHAT
https://lists.debian.org/debian-lts-announce/2017/11/msg00033.htmlmailing-list, x_refsource_MLIST
https://security.netapp.com/advisory/ntap-20171019-0001/x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2017:2999vendor-advisory, x_refsource_REDHAT
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T17:41:55.466Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2017:3047",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3047"
          },
          {
            "name": "GLSA-201711-14",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201711-14"
          },
          {
            "name": "DSA-4015",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2017/dsa-4015"
          },
          {
            "name": "RHSA-2017:3267",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3267"
          },
          {
            "name": "RHSA-2017:2998",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2998"
          },
          {
            "name": "RHSA-2017:3268",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3268"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "name": "RHSA-2017:3046",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3046"
          },
          {
            "name": "101354",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/101354"
          },
          {
            "name": "1039596",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039596"
          },
          {
            "name": "GLSA-201710-31",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201710-31"
          },
          {
            "name": "RHSA-2017:3264",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3264"
          },
          {
            "name": "DSA-4048",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2017/dsa-4048"
          },
          {
            "name": "RHSA-2017:3453",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3453"
          },
          {
            "name": "RHSA-2017:3392",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3392"
          },
          {
            "name": "[debian-lts-announce] 20171123 [SECURITY] [DLA 1187-1] openjdk-7 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20171019-0001/"
          },
          {
            "name": "RHSA-2017:2999",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2999"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2017-10348",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-04T15:35:26.331134Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-04T16:49:18.786Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 6u161"
            },
            {
              "status": "affected",
              "version": "7u151"
            },
            {
              "status": "affected",
              "version": "8u144"
            },
            {
              "status": "affected",
              "version": "9; Java SE Embedded: 8u144"
            }
          ]
        }
      ],
      "datePublic": "2017-10-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-02-02T10:57:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "RHSA-2017:3047",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3047"
        },
        {
          "name": "GLSA-201711-14",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201711-14"
        },
        {
          "name": "DSA-4015",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2017/dsa-4015"
        },
        {
          "name": "RHSA-2017:3267",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3267"
        },
        {
          "name": "RHSA-2017:2998",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2998"
        },
        {
          "name": "RHSA-2017:3268",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3268"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "name": "RHSA-2017:3046",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3046"
        },
        {
          "name": "101354",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/101354"
        },
        {
          "name": "1039596",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039596"
        },
        {
          "name": "GLSA-201710-31",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201710-31"
        },
        {
          "name": "RHSA-2017:3264",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3264"
        },
        {
          "name": "DSA-4048",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2017/dsa-4048"
        },
        {
          "name": "RHSA-2017:3453",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3453"
        },
        {
          "name": "RHSA-2017:3392",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3392"
        },
        {
          "name": "[debian-lts-announce] 20171123 [SECURITY] [DLA 1187-1] openjdk-7 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20171019-0001/"
        },
        {
          "name": "RHSA-2017:2999",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2999"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2017-10348",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 6u161"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7u151"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8u144"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "9; Java SE Embedded: 8u144"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2017:3047",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3047"
            },
            {
              "name": "GLSA-201711-14",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201711-14"
            },
            {
              "name": "DSA-4015",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2017/dsa-4015"
            },
            {
              "name": "RHSA-2017:3267",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3267"
            },
            {
              "name": "RHSA-2017:2998",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2998"
            },
            {
              "name": "RHSA-2017:3268",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3268"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
            },
            {
              "name": "RHSA-2017:3046",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3046"
            },
            {
              "name": "101354",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/101354"
            },
            {
              "name": "1039596",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039596"
            },
            {
              "name": "GLSA-201710-31",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201710-31"
            },
            {
              "name": "RHSA-2017:3264",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3264"
            },
            {
              "name": "DSA-4048",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2017/dsa-4048"
            },
            {
              "name": "RHSA-2017:3453",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3453"
            },
            {
              "name": "RHSA-2017:3392",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3392"
            },
            {
              "name": "[debian-lts-announce] 20171123 [SECURITY] [DLA 1187-1] openjdk-7 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20171019-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20171019-0001/"
            },
            {
              "name": "RHSA-2017:2999",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2999"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2017-10348",
    "datePublished": "2017-10-19T17:00:00",
    "dateReserved": "2017-06-21T00:00:00",
    "dateUpdated": "2024-10-04T16:49:18.786Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-10350
Vulnerability from cvelistv5
Published
2017-10-19 17:00
Modified
2024-10-04 16:49
Severity ?
Summary
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAX-WS). Supported versions that are affected are Java SE: 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
https://security.gentoo.org/glsa/201711-14vendor-advisory, x_refsource_GENTOO
http://www.securityfocus.com/bid/101341vdb-entry, x_refsource_BID
https://www.debian.org/security/2017/dsa-4015vendor-advisory, x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2017:3267vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:2998vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:3268vendor-advisory, x_refsource_REDHAT
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlx_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2017:3046vendor-advisory, x_refsource_REDHAT
http://www.securitytracker.com/id/1039596vdb-entry, x_refsource_SECTRACK
https://security.gentoo.org/glsa/201710-31vendor-advisory, x_refsource_GENTOO
https://access.redhat.com/errata/RHSA-2017:3264vendor-advisory, x_refsource_REDHAT
https://www.debian.org/security/2017/dsa-4048vendor-advisory, x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2017:3453vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:3392vendor-advisory, x_refsource_REDHAT
https://lists.debian.org/debian-lts-announce/2017/11/msg00033.htmlmailing-list, x_refsource_MLIST
https://security.netapp.com/advisory/ntap-20171019-0001/x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2017:2999vendor-advisory, x_refsource_REDHAT
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T17:41:54.802Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "GLSA-201711-14",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201711-14"
          },
          {
            "name": "101341",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/101341"
          },
          {
            "name": "DSA-4015",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2017/dsa-4015"
          },
          {
            "name": "RHSA-2017:3267",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3267"
          },
          {
            "name": "RHSA-2017:2998",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2998"
          },
          {
            "name": "RHSA-2017:3268",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3268"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "name": "RHSA-2017:3046",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3046"
          },
          {
            "name": "1039596",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039596"
          },
          {
            "name": "GLSA-201710-31",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201710-31"
          },
          {
            "name": "RHSA-2017:3264",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3264"
          },
          {
            "name": "DSA-4048",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2017/dsa-4048"
          },
          {
            "name": "RHSA-2017:3453",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3453"
          },
          {
            "name": "RHSA-2017:3392",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3392"
          },
          {
            "name": "[debian-lts-announce] 20171123 [SECURITY] [DLA 1187-1] openjdk-7 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20171019-0001/"
          },
          {
            "name": "RHSA-2017:2999",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2999"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2017-10350",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-04T15:35:24.292674Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-04T16:49:05.882Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 7u151"
            },
            {
              "status": "affected",
              "version": "8u144"
            },
            {
              "status": "affected",
              "version": "9; Java SE Embedded: 8u144"
            }
          ]
        }
      ],
      "datePublic": "2017-10-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAX-WS). Supported versions that are affected are Java SE: 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-02-02T10:57:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "GLSA-201711-14",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201711-14"
        },
        {
          "name": "101341",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/101341"
        },
        {
          "name": "DSA-4015",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2017/dsa-4015"
        },
        {
          "name": "RHSA-2017:3267",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3267"
        },
        {
          "name": "RHSA-2017:2998",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2998"
        },
        {
          "name": "RHSA-2017:3268",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3268"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "name": "RHSA-2017:3046",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3046"
        },
        {
          "name": "1039596",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039596"
        },
        {
          "name": "GLSA-201710-31",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201710-31"
        },
        {
          "name": "RHSA-2017:3264",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3264"
        },
        {
          "name": "DSA-4048",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2017/dsa-4048"
        },
        {
          "name": "RHSA-2017:3453",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3453"
        },
        {
          "name": "RHSA-2017:3392",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3392"
        },
        {
          "name": "[debian-lts-announce] 20171123 [SECURITY] [DLA 1187-1] openjdk-7 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20171019-0001/"
        },
        {
          "name": "RHSA-2017:2999",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2999"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2017-10350",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 7u151"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8u144"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "9; Java SE Embedded: 8u144"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAX-WS). Supported versions that are affected are Java SE: 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "GLSA-201711-14",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201711-14"
            },
            {
              "name": "101341",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/101341"
            },
            {
              "name": "DSA-4015",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2017/dsa-4015"
            },
            {
              "name": "RHSA-2017:3267",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3267"
            },
            {
              "name": "RHSA-2017:2998",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2998"
            },
            {
              "name": "RHSA-2017:3268",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3268"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
            },
            {
              "name": "RHSA-2017:3046",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3046"
            },
            {
              "name": "1039596",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039596"
            },
            {
              "name": "GLSA-201710-31",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201710-31"
            },
            {
              "name": "RHSA-2017:3264",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3264"
            },
            {
              "name": "DSA-4048",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2017/dsa-4048"
            },
            {
              "name": "RHSA-2017:3453",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3453"
            },
            {
              "name": "RHSA-2017:3392",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3392"
            },
            {
              "name": "[debian-lts-announce] 20171123 [SECURITY] [DLA 1187-1] openjdk-7 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20171019-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20171019-0001/"
            },
            {
              "name": "RHSA-2017:2999",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2999"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2017-10350",
    "datePublished": "2017-10-19T17:00:00",
    "dateReserved": "2017-06-21T00:00:00",
    "dateUpdated": "2024-10-04T16:49:05.882Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-3753
Vulnerability from cvelistv5
Published
2022-02-16 00:00
Modified
2024-08-03 17:09
Severity ?
Summary
A race problem was seen in the vt_k_ioctl in drivers/tty/vt/vt_ioctl.c in the Linux kernel, which may cause an out of bounds read in vt as the write access to vc_mode is not protected by lock-in vt_ioctl (KDSETMDE). The highest threat from this vulnerability is to data confidentiality.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:09:08.286Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1999589"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/2287a51ba822384834dafc1c798453375d1107c7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openwall.com/lists/oss-security/2021/09/01/4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20221028-0003/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "kernel",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Linux kernel 5.15-rc1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A race problem was seen in the vt_k_ioctl in drivers/tty/vt/vt_ioctl.c in the Linux kernel, which may cause an out of bounds read in vt as the write access to vc_mode is not protected by lock-in vt_ioctl (KDSETMDE). The highest threat from this vulnerability is to data confidentiality."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-28T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1999589"
        },
        {
          "url": "https://github.com/torvalds/linux/commit/2287a51ba822384834dafc1c798453375d1107c7"
        },
        {
          "url": "https://www.openwall.com/lists/oss-security/2021/09/01/4"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20221028-0003/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2021-3753",
    "datePublished": "2022-02-16T00:00:00",
    "dateReserved": "2021-08-31T00:00:00",
    "dateUpdated": "2024-08-03T17:09:08.286Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-29368
Vulnerability from cvelistv5
Published
2020-11-28 06:20
Modified
2024-08-04 16:48
Severity ?
Summary
An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check, aka CID-c444eb564fb1.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T16:48:01.651Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.5"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c444eb564fb16645c172d550359cb3d75fe8a040"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=2045"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210108-0002/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check, aka CID-c444eb564fb1."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-08T11:06:18",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.5"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c444eb564fb16645c172d550359cb3d75fe8a040"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=2045"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20210108-0002/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-29368",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check, aka CID-c444eb564fb1."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.5",
              "refsource": "MISC",
              "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.5"
            },
            {
              "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c444eb564fb16645c172d550359cb3d75fe8a040",
              "refsource": "MISC",
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c444eb564fb16645c172d550359cb3d75fe8a040"
            },
            {
              "name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=2045",
              "refsource": "MISC",
              "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=2045"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20210108-0002/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20210108-0002/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-29368",
    "datePublished": "2020-11-28T06:20:26",
    "dateReserved": "2020-11-28T00:00:00",
    "dateUpdated": "2024-08-04T16:48:01.651Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-10125
Vulnerability from cvelistv5
Published
2017-08-08 15:00
Modified
2024-10-04 19:01
Severity ?
Summary
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 7u141 and 8u131. Difficult to exploit vulnerability allows physical access to compromise Java SE. While the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: Applies to deployment of Java where the Java Auto Update is enabled. CVSS 3.0 Base Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H).
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T17:33:16.287Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
          },
          {
            "name": "1038931",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038931"
          },
          {
            "name": "GLSA-201709-22",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201709-22"
          },
          {
            "name": "99809",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/99809"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2017-10125",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-04T15:39:24.847344Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-04T19:01:24.611Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 7u141"
            },
            {
              "status": "affected",
              "version": "8u131"
            }
          ]
        }
      ],
      "datePublic": "2017-07-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 7u141 and 8u131. Difficult to exploit vulnerability allows physical access to compromise Java SE. While the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: Applies to deployment of Java where the Java Auto Update is enabled. CVSS 3.0 Base Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows physical access to compromise Java SE.  While the vulnerability is in Java SE, attacks may significantly impact additional products.  Successful attacks of this vulnerability can result in takeover of Java SE.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-09T10:57:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
        },
        {
          "name": "1038931",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038931"
        },
        {
          "name": "GLSA-201709-22",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201709-22"
        },
        {
          "name": "99809",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/99809"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2017-10125",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 7u141"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8u131"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 7u141 and 8u131. Difficult to exploit vulnerability allows physical access to compromise Java SE. While the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: Applies to deployment of Java where the Java Auto Update is enabled. CVSS 3.0 Base Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Difficult to exploit vulnerability allows physical access to compromise Java SE.  While the vulnerability is in Java SE, attacks may significantly impact additional products.  Successful attacks of this vulnerability can result in takeover of Java SE."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://security.netapp.com/advisory/ntap-20170720-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
            },
            {
              "name": "1038931",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038931"
            },
            {
              "name": "GLSA-201709-22",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201709-22"
            },
            {
              "name": "99809",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/99809"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2017-10125",
    "datePublished": "2017-08-08T15:00:00",
    "dateReserved": "2017-06-21T00:00:00",
    "dateUpdated": "2024-10-04T19:01:24.611Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-11068
Vulnerability from cvelistv5
Published
2019-04-10 19:38
Modified
2024-08-04 22:40
Severity ?
Summary
libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.
References
https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6x_refsource_MISC
https://lists.debian.org/debian-lts-announce/2019/04/msg00016.htmlmailing-list, x_refsource_MLIST
https://usn.ubuntu.com/3947-2/vendor-advisory, x_refsource_UBUNTU
http://www.openwall.com/lists/oss-security/2019/04/22/1mailing-list, x_refsource_MLIST
https://usn.ubuntu.com/3947-1/vendor-advisory, x_refsource_UBUNTU
http://www.openwall.com/lists/oss-security/2019/04/23/5mailing-list, x_refsource_MLIST
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00048.htmlvendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00053.htmlvendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00052.htmlvendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00025.htmlvendor-advisory, x_refsource_SUSE
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36TEYN37XCCKN2XUMRTBBW67BPNMSW4K/vendor-advisory, x_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/vendor-advisory, x_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GCOAX2IHUMKCM3ILHTMGLHCDSBTLP2JU/vendor-advisory, x_refsource_FEDORA
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00001.htmlvendor-advisory, x_refsource_SUSE
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.htmlx_refsource_MISC
https://security.netapp.com/advisory/ntap-20191017-0001/x_refsource_CONFIRM
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T22:40:16.229Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6"
          },
          {
            "name": "[debian-lts-announce] 20190415 [SECURITY] [DLA 1756-1] libxslt security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00016.html"
          },
          {
            "name": "USN-3947-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3947-2/"
          },
          {
            "name": "[oss-security] 20190422 Nokogiri security update v1.10.3",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/04/22/1"
          },
          {
            "name": "USN-3947-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3947-1/"
          },
          {
            "name": "[oss-security] 20190423 Re: Nokogiri security update v1.10.3",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/04/23/5"
          },
          {
            "name": "openSUSE-SU-2019:1433",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00048.html"
          },
          {
            "name": "openSUSE-SU-2019:1430",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00053.html"
          },
          {
            "name": "openSUSE-SU-2019:1428",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00052.html"
          },
          {
            "name": "openSUSE-SU-2019:1527",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00025.html"
          },
          {
            "name": "FEDORA-2019-e21c77ffae",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36TEYN37XCCKN2XUMRTBBW67BPNMSW4K/"
          },
          {
            "name": "FEDORA-2019-320d5295fc",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/"
          },
          {
            "name": "FEDORA-2019-e74d639587",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GCOAX2IHUMKCM3ILHTMGLHCDSBTLP2JU/"
          },
          {
            "name": "openSUSE-SU-2019:1824",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00001.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20191017-0001/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-10-17T15:06:40",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6"
        },
        {
          "name": "[debian-lts-announce] 20190415 [SECURITY] [DLA 1756-1] libxslt security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00016.html"
        },
        {
          "name": "USN-3947-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3947-2/"
        },
        {
          "name": "[oss-security] 20190422 Nokogiri security update v1.10.3",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/04/22/1"
        },
        {
          "name": "USN-3947-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3947-1/"
        },
        {
          "name": "[oss-security] 20190423 Re: Nokogiri security update v1.10.3",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/04/23/5"
        },
        {
          "name": "openSUSE-SU-2019:1433",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00048.html"
        },
        {
          "name": "openSUSE-SU-2019:1430",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00053.html"
        },
        {
          "name": "openSUSE-SU-2019:1428",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00052.html"
        },
        {
          "name": "openSUSE-SU-2019:1527",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00025.html"
        },
        {
          "name": "FEDORA-2019-e21c77ffae",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36TEYN37XCCKN2XUMRTBBW67BPNMSW4K/"
        },
        {
          "name": "FEDORA-2019-320d5295fc",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/"
        },
        {
          "name": "FEDORA-2019-e74d639587",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GCOAX2IHUMKCM3ILHTMGLHCDSBTLP2JU/"
        },
        {
          "name": "openSUSE-SU-2019:1824",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00001.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20191017-0001/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-11068",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6",
              "refsource": "MISC",
              "url": "https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6"
            },
            {
              "name": "[debian-lts-announce] 20190415 [SECURITY] [DLA 1756-1] libxslt security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00016.html"
            },
            {
              "name": "USN-3947-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3947-2/"
            },
            {
              "name": "[oss-security] 20190422 Nokogiri security update v1.10.3",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/04/22/1"
            },
            {
              "name": "USN-3947-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3947-1/"
            },
            {
              "name": "[oss-security] 20190423 Re: Nokogiri security update v1.10.3",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/04/23/5"
            },
            {
              "name": "openSUSE-SU-2019:1433",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00048.html"
            },
            {
              "name": "openSUSE-SU-2019:1430",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00053.html"
            },
            {
              "name": "openSUSE-SU-2019:1428",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00052.html"
            },
            {
              "name": "openSUSE-SU-2019:1527",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00025.html"
            },
            {
              "name": "FEDORA-2019-e21c77ffae",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36TEYN37XCCKN2XUMRTBBW67BPNMSW4K/"
            },
            {
              "name": "FEDORA-2019-320d5295fc",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/"
            },
            {
              "name": "FEDORA-2019-e74d639587",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCOAX2IHUMKCM3ILHTMGLHCDSBTLP2JU/"
            },
            {
              "name": "openSUSE-SU-2019:1824",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00001.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20191017-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20191017-0001/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-11068",
    "datePublished": "2019-04-10T19:38:18",
    "dateReserved": "2019-04-10T00:00:00",
    "dateUpdated": "2024-08-04T22:40:16.229Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-10089
Vulnerability from cvelistv5
Published
2017-08-08 15:00
Modified
2024-10-04 19:05
Severity ?
Summary
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: ImageIO). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).
References
https://access.redhat.com/errata/RHSA-2017:1791vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:1790vendor-advisory, x_refsource_REDHAT
https://security.netapp.com/advisory/ntap-20170720-0001/x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2017:1789vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:2424vendor-advisory, x_refsource_REDHAT
http://www.securitytracker.com/id/1038931vdb-entry, x_refsource_SECTRACK
https://access.redhat.com/errata/RHSA-2017:1792vendor-advisory, x_refsource_REDHAT
https://security.gentoo.org/glsa/201709-22vendor-advisory, x_refsource_GENTOO
http://www.debian.org/security/2017/dsa-3919vendor-advisory, x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2017:2481vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:2530vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:3453vendor-advisory, x_refsource_REDHAT
http://www.securityfocus.com/bid/99659vdb-entry, x_refsource_BID
https://access.redhat.com/errata/RHSA-2017:2469vendor-advisory, x_refsource_REDHAT
http://www.debian.org/security/2017/dsa-3954vendor-advisory, x_refsource_DEBIAN
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlx_refsource_CONFIRM
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T17:25:00.937Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2017:1791",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1791"
          },
          {
            "name": "RHSA-2017:1790",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1790"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
          },
          {
            "name": "RHSA-2017:1789",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1789"
          },
          {
            "name": "RHSA-2017:2424",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2424"
          },
          {
            "name": "1038931",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038931"
          },
          {
            "name": "RHSA-2017:1792",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1792"
          },
          {
            "name": "GLSA-201709-22",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201709-22"
          },
          {
            "name": "DSA-3919",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3919"
          },
          {
            "name": "RHSA-2017:2481",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2481"
          },
          {
            "name": "RHSA-2017:2530",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2530"
          },
          {
            "name": "RHSA-2017:3453",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3453"
          },
          {
            "name": "99659",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/99659"
          },
          {
            "name": "RHSA-2017:2469",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2469"
          },
          {
            "name": "DSA-3954",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3954"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2017-10089",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-04T15:39:46.215799Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-04T19:05:26.594Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 6u151"
            },
            {
              "status": "affected",
              "version": "7u141"
            },
            {
              "status": "affected",
              "version": "8u131"
            }
          ]
        }
      ],
      "datePublic": "2017-07-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: ImageIO). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "RHSA-2017:1791",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1791"
        },
        {
          "name": "RHSA-2017:1790",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1790"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
        },
        {
          "name": "RHSA-2017:1789",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1789"
        },
        {
          "name": "RHSA-2017:2424",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2424"
        },
        {
          "name": "1038931",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038931"
        },
        {
          "name": "RHSA-2017:1792",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1792"
        },
        {
          "name": "GLSA-201709-22",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201709-22"
        },
        {
          "name": "DSA-3919",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3919"
        },
        {
          "name": "RHSA-2017:2481",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2481"
        },
        {
          "name": "RHSA-2017:2530",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2530"
        },
        {
          "name": "RHSA-2017:3453",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3453"
        },
        {
          "name": "99659",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/99659"
        },
        {
          "name": "RHSA-2017:2469",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2469"
        },
        {
          "name": "DSA-3954",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3954"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2017-10089",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 6u151"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7u141"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8u131"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: ImageIO). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2017:1791",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1791"
            },
            {
              "name": "RHSA-2017:1790",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1790"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20170720-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
            },
            {
              "name": "RHSA-2017:1789",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1789"
            },
            {
              "name": "RHSA-2017:2424",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2424"
            },
            {
              "name": "1038931",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038931"
            },
            {
              "name": "RHSA-2017:1792",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1792"
            },
            {
              "name": "GLSA-201709-22",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201709-22"
            },
            {
              "name": "DSA-3919",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3919"
            },
            {
              "name": "RHSA-2017:2481",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2481"
            },
            {
              "name": "RHSA-2017:2530",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2530"
            },
            {
              "name": "RHSA-2017:3453",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3453"
            },
            {
              "name": "99659",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/99659"
            },
            {
              "name": "RHSA-2017:2469",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2469"
            },
            {
              "name": "DSA-3954",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3954"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2017-10089",
    "datePublished": "2017-08-08T15:00:00",
    "dateReserved": "2017-06-21T00:00:00",
    "dateUpdated": "2024-10-04T19:05:26.594Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-20855
Vulnerability from cvelistv5
Published
2019-07-26 04:39
Modified
2024-08-05 12:12
Severity ?
Summary
An issue was discovered in the Linux kernel before 4.18.7. In create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T12:12:29.320Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/0625b4ba1a5d4703c7fb01c497bd6c156908af00"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0625b4ba1a5d4703c7fb01c497bd6c156908af00"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.7"
          },
          {
            "name": "openSUSE-SU-2019:1924",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00055.html"
          },
          {
            "name": "openSUSE-SU-2019:1923",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00056.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190905-0002/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in the Linux kernel before 4.18.7. In create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-09-05T23:06:07",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/torvalds/linux/commit/0625b4ba1a5d4703c7fb01c497bd6c156908af00"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0625b4ba1a5d4703c7fb01c497bd6c156908af00"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.7"
        },
        {
          "name": "openSUSE-SU-2019:1924",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00055.html"
        },
        {
          "name": "openSUSE-SU-2019:1923",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00056.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20190905-0002/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-20855",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in the Linux kernel before 4.18.7. In create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/torvalds/linux/commit/0625b4ba1a5d4703c7fb01c497bd6c156908af00",
              "refsource": "MISC",
              "url": "https://github.com/torvalds/linux/commit/0625b4ba1a5d4703c7fb01c497bd6c156908af00"
            },
            {
              "name": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0625b4ba1a5d4703c7fb01c497bd6c156908af00",
              "refsource": "MISC",
              "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0625b4ba1a5d4703c7fb01c497bd6c156908af00"
            },
            {
              "name": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.7",
              "refsource": "MISC",
              "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.7"
            },
            {
              "name": "openSUSE-SU-2019:1924",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00055.html"
            },
            {
              "name": "openSUSE-SU-2019:1923",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00056.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20190905-0002/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20190905-0002/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-20855",
    "datePublished": "2019-07-26T04:39:40",
    "dateReserved": "2019-07-26T00:00:00",
    "dateUpdated": "2024-08-05T12:12:29.320Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-10078
Vulnerability from cvelistv5
Published
2017-08-08 15:00
Modified
2024-10-04 19:06
Severity ?
Summary
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Scripting). The supported version that is affected is Java SE: 8u131. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data as well as unauthorized access to critical data or complete access to all Java SE accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).
References
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T17:25:00.888Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2017:1790",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1790"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
          },
          {
            "name": "RHSA-2017:1789",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1789"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert.vde.com/en-us/advisories/vde-2017-002"
          },
          {
            "name": "1038931",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038931"
          },
          {
            "name": "99752",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/99752"
          },
          {
            "name": "GLSA-201709-22",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201709-22"
          },
          {
            "name": "DSA-3919",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3919"
          },
          {
            "name": "RHSA-2017:3453",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3453"
          },
          {
            "name": "RHSA-2017:2469",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2469"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2017-10078",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-04T15:39:49.541046Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-04T19:06:53.010Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 8u131"
            }
          ]
        }
      ],
      "datePublic": "2017-07-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Scripting). The supported version that is affected is Java SE: 8u131. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data as well as unauthorized access to critical data or complete access to all Java SE accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java SE.  Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Java SE accessible data as well as  unauthorized access to critical data or complete access to all Java SE accessible data.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-05-16T13:57:02",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "RHSA-2017:1790",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1790"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
        },
        {
          "name": "RHSA-2017:1789",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1789"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert.vde.com/en-us/advisories/vde-2017-002"
        },
        {
          "name": "1038931",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038931"
        },
        {
          "name": "99752",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/99752"
        },
        {
          "name": "GLSA-201709-22",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201709-22"
        },
        {
          "name": "DSA-3919",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3919"
        },
        {
          "name": "RHSA-2017:3453",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3453"
        },
        {
          "name": "RHSA-2017:2469",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2469"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2017-10078",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 8u131"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Scripting). The supported version that is affected is Java SE: 8u131. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data as well as unauthorized access to critical data or complete access to all Java SE accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java SE.  Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Java SE accessible data as well as  unauthorized access to critical data or complete access to all Java SE accessible data."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2017:1790",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1790"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20170720-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
            },
            {
              "name": "RHSA-2017:1789",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1789"
            },
            {
              "name": "https://cert.vde.com/en-us/advisories/vde-2017-002",
              "refsource": "CONFIRM",
              "url": "https://cert.vde.com/en-us/advisories/vde-2017-002"
            },
            {
              "name": "1038931",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038931"
            },
            {
              "name": "99752",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/99752"
            },
            {
              "name": "GLSA-201709-22",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201709-22"
            },
            {
              "name": "DSA-3919",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3919"
            },
            {
              "name": "RHSA-2017:3453",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3453"
            },
            {
              "name": "RHSA-2017:2469",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2469"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2017-10078",
    "datePublished": "2017-08-08T15:00:00",
    "dateReserved": "2017-06-21T00:00:00",
    "dateUpdated": "2024-10-04T19:06:53.010Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-10690
Vulnerability from cvelistv5
Published
2020-05-08 13:48
Modified
2024-08-04 11:06
Summary
There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptp_clock and cdev while resource deallocation. When a (high privileged) process allocates a ptp device file (like /dev/ptpX) and voluntarily goes to sleep. During this time if the underlying device is removed, it can cause an exploitable condition as the process wakes up to terminate and clean all attached files. The system crashes due to the cdev structure being invalid (as already freed) which is pointed to by the inode.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:06:11.142Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10690"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
          },
          {
            "name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
          },
          {
            "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
          },
          {
            "name": "openSUSE-SU-2020:0801",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html"
          },
          {
            "name": "USN-4419-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4419-1/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "kernel",
          "vendor": "Red Hat",
          "versions": [
            {
              "status": "affected",
              "version": "all kernel versions before 5.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptp_clock and cdev while resource deallocation. When a (high privileged) process allocates a ptp device file (like /dev/ptpX) and voluntarily goes to sleep. During this time if the underlying device is removed, it can cause an exploitable condition as the process wakes up to terminate and clean all attached files. The system crashes due to the cdev structure being invalid (as already freed) which is pointed to by the inode."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-22T06:06:33",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10690"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
        },
        {
          "name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
        },
        {
          "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
        },
        {
          "name": "openSUSE-SU-2020:0801",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html"
        },
        {
          "name": "USN-4419-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4419-1/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2020-10690",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "kernel",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "all kernel versions before 5.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Red Hat"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptp_clock and cdev while resource deallocation. When a (high privileged) process allocates a ptp device file (like /dev/ptpX) and voluntarily goes to sleep. During this time if the underlying device is removed, it can cause an exploitable condition as the process wakes up to terminate and clean all attached files. The system crashes due to the cdev structure being invalid (as already freed) which is pointed to by the inode."
            }
          ]
        },
        "impact": {
          "cvss": [
            [
              {
                "vectorString": "6.5/CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ]
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-416"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10690",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10690"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200608-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
            },
            {
              "name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
            },
            {
              "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
            },
            {
              "name": "openSUSE-SU-2020:0801",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html"
            },
            {
              "name": "USN-4419-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4419-1/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2020-10690",
    "datePublished": "2020-05-08T13:48:30",
    "dateReserved": "2020-03-20T00:00:00",
    "dateUpdated": "2024-08-04T11:06:11.142Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-10281
Vulnerability from cvelistv5
Published
2017-10-19 17:00
Modified
2024-10-04 16:55
Severity ?
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
https://access.redhat.com/errata/RHSA-2017:3047vendor-advisory, x_refsource_REDHAT
https://security.gentoo.org/glsa/201711-14vendor-advisory, x_refsource_GENTOO
https://www.debian.org/security/2017/dsa-4015vendor-advisory, x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2017:3267vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:2998vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:3268vendor-advisory, x_refsource_REDHAT
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlx_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2017:3046vendor-advisory, x_refsource_REDHAT
http://www.securityfocus.com/bid/101378vdb-entry, x_refsource_BID
http://www.securitytracker.com/id/1039596vdb-entry, x_refsource_SECTRACK
https://security.gentoo.org/glsa/201710-31vendor-advisory, x_refsource_GENTOO
https://access.redhat.com/errata/RHSA-2017:3264vendor-advisory, x_refsource_REDHAT
https://www.debian.org/security/2017/dsa-4048vendor-advisory, x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2017:3453vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:3392vendor-advisory, x_refsource_REDHAT
https://lists.debian.org/debian-lts-announce/2017/11/msg00033.htmlmailing-list, x_refsource_MLIST
https://security.netapp.com/advisory/ntap-20171019-0001/x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2017:2999vendor-advisory, x_refsource_REDHAT
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T17:33:16.934Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2017:3047",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3047"
          },
          {
            "name": "GLSA-201711-14",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201711-14"
          },
          {
            "name": "DSA-4015",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2017/dsa-4015"
          },
          {
            "name": "RHSA-2017:3267",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3267"
          },
          {
            "name": "RHSA-2017:2998",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2998"
          },
          {
            "name": "RHSA-2017:3268",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3268"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "name": "RHSA-2017:3046",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3046"
          },
          {
            "name": "101378",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/101378"
          },
          {
            "name": "1039596",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039596"
          },
          {
            "name": "GLSA-201710-31",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201710-31"
          },
          {
            "name": "RHSA-2017:3264",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3264"
          },
          {
            "name": "DSA-4048",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2017/dsa-4048"
          },
          {
            "name": "RHSA-2017:3453",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3453"
          },
          {
            "name": "RHSA-2017:3392",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3392"
          },
          {
            "name": "[debian-lts-announce] 20171123 [SECURITY] [DLA 1187-1] openjdk-7 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20171019-0001/"
          },
          {
            "name": "RHSA-2017:2999",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2999"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2017-10281",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-04T15:35:40.396884Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-04T16:55:34.292Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 6u161"
            },
            {
              "status": "affected",
              "version": "7u151"
            },
            {
              "status": "affected",
              "version": "8u144"
            },
            {
              "status": "affected",
              "version": "9; Java SE Embedded: 8u144; JRockit: R28.3.15"
            }
          ]
        }
      ],
      "datePublic": "2017-10-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-02-02T10:57:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "RHSA-2017:3047",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3047"
        },
        {
          "name": "GLSA-201711-14",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201711-14"
        },
        {
          "name": "DSA-4015",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2017/dsa-4015"
        },
        {
          "name": "RHSA-2017:3267",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3267"
        },
        {
          "name": "RHSA-2017:2998",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2998"
        },
        {
          "name": "RHSA-2017:3268",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3268"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "name": "RHSA-2017:3046",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3046"
        },
        {
          "name": "101378",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/101378"
        },
        {
          "name": "1039596",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039596"
        },
        {
          "name": "GLSA-201710-31",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201710-31"
        },
        {
          "name": "RHSA-2017:3264",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3264"
        },
        {
          "name": "DSA-4048",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2017/dsa-4048"
        },
        {
          "name": "RHSA-2017:3453",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3453"
        },
        {
          "name": "RHSA-2017:3392",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3392"
        },
        {
          "name": "[debian-lts-announce] 20171123 [SECURITY] [DLA 1187-1] openjdk-7 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20171019-0001/"
        },
        {
          "name": "RHSA-2017:2999",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2999"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2017-10281",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 6u161"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7u151"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8u144"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "9; Java SE Embedded: 8u144; JRockit: R28.3.15"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2017:3047",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3047"
            },
            {
              "name": "GLSA-201711-14",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201711-14"
            },
            {
              "name": "DSA-4015",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2017/dsa-4015"
            },
            {
              "name": "RHSA-2017:3267",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3267"
            },
            {
              "name": "RHSA-2017:2998",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2998"
            },
            {
              "name": "RHSA-2017:3268",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3268"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
            },
            {
              "name": "RHSA-2017:3046",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3046"
            },
            {
              "name": "101378",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/101378"
            },
            {
              "name": "1039596",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039596"
            },
            {
              "name": "GLSA-201710-31",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201710-31"
            },
            {
              "name": "RHSA-2017:3264",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3264"
            },
            {
              "name": "DSA-4048",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2017/dsa-4048"
            },
            {
              "name": "RHSA-2017:3453",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3453"
            },
            {
              "name": "RHSA-2017:3392",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3392"
            },
            {
              "name": "[debian-lts-announce] 20171123 [SECURITY] [DLA 1187-1] openjdk-7 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20171019-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20171019-0001/"
            },
            {
              "name": "RHSA-2017:2999",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2999"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2017-10281",
    "datePublished": "2017-10-19T17:00:00",
    "dateReserved": "2017-06-21T00:00:00",
    "dateUpdated": "2024-10-04T16:55:34.292Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-12771
Vulnerability from cvelistv5
Published
2020-05-09 20:16
Modified
2024-08-04 12:04
Severity ?
Summary
An issue was discovered in the Linux kernel through 5.6.11. btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:04:22.892Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "openSUSE-SU-2020:1062",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00071.html"
          },
          {
            "name": "openSUSE-SU-2020:1153",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html"
          },
          {
            "name": "[debian-lts-announce] 20200812 [SECURITY] [DLA 2323-1] linux-4.19 new package",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00019.html"
          },
          {
            "name": "USN-4463-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4463-1/"
          },
          {
            "name": "USN-4465-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4465-1/"
          },
          {
            "name": "USN-4462-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4462-1/"
          },
          {
            "name": "USN-4483-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4483-1/"
          },
          {
            "name": "USN-4485-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4485-1/"
          },
          {
            "name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2420-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html"
          },
          {
            "name": "[debian-lts-announce] 20201031 [SECURITY] [DLA 2420-2] linux regression update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://lkml.org/lkml/2020/4/26/87"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in the Linux kernel through 5.6.11. btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-14T17:20:15",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "openSUSE-SU-2020:1062",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00071.html"
        },
        {
          "name": "openSUSE-SU-2020:1153",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html"
        },
        {
          "name": "[debian-lts-announce] 20200812 [SECURITY] [DLA 2323-1] linux-4.19 new package",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00019.html"
        },
        {
          "name": "USN-4463-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4463-1/"
        },
        {
          "name": "USN-4465-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4465-1/"
        },
        {
          "name": "USN-4462-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4462-1/"
        },
        {
          "name": "USN-4483-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4483-1/"
        },
        {
          "name": "USN-4485-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4485-1/"
        },
        {
          "name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2420-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html"
        },
        {
          "name": "[debian-lts-announce] 20201031 [SECURITY] [DLA 2420-2] linux regression update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://lkml.org/lkml/2020/4/26/87"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-12771",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in the Linux kernel through 5.6.11. btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "openSUSE-SU-2020:1062",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00071.html"
            },
            {
              "name": "openSUSE-SU-2020:1153",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html"
            },
            {
              "name": "[debian-lts-announce] 20200812 [SECURITY] [DLA 2323-1] linux-4.19 new package",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00019.html"
            },
            {
              "name": "USN-4463-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4463-1/"
            },
            {
              "name": "USN-4465-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4465-1/"
            },
            {
              "name": "USN-4462-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4462-1/"
            },
            {
              "name": "USN-4483-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4483-1/"
            },
            {
              "name": "USN-4485-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4485-1/"
            },
            {
              "name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2420-1] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html"
            },
            {
              "name": "[debian-lts-announce] 20201031 [SECURITY] [DLA 2420-2] linux regression update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200608-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
            },
            {
              "name": "https://lkml.org/lkml/2020/4/26/87",
              "refsource": "CONFIRM",
              "url": "https://lkml.org/lkml/2020/4/26/87"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-12771",
    "datePublished": "2020-05-09T20:16:20",
    "dateReserved": "2020-05-09T00:00:00",
    "dateUpdated": "2024-08-04T12:04:22.892Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-6110
Vulnerability from cvelistv5
Published
2019-01-31 00:00
Modified
2024-08-04 20:16
Severity ?
Summary
In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T20:16:24.236Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190213-0001/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cvsweb.openbsd.org/src/usr.bin/ssh/progressmeter.c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt"
          },
          {
            "name": "46193",
            "tags": [
              "exploit",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/46193/"
          },
          {
            "name": "GLSA-201903-16",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201903-16"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2019-01-31T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://security.netapp.com/advisory/ntap-20190213-0001/"
        },
        {
          "url": "https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c"
        },
        {
          "url": "https://cvsweb.openbsd.org/src/usr.bin/ssh/progressmeter.c"
        },
        {
          "url": "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt"
        },
        {
          "name": "46193",
          "tags": [
            "exploit"
          ],
          "url": "https://www.exploit-db.com/exploits/46193/"
        },
        {
          "name": "GLSA-201903-16",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/201903-16"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-6110",
    "datePublished": "2019-01-31T00:00:00",
    "dateReserved": "2019-01-10T00:00:00",
    "dateUpdated": "2024-08-04T20:16:24.236Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-10101
Vulnerability from cvelistv5
Published
2017-08-08 15:00
Modified
2024-10-04 19:04
Severity ?
Summary
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).
References
https://access.redhat.com/errata/RHSA-2017:1791vendor-advisory, x_refsource_REDHAT
http://www.securityfocus.com/bid/99674vdb-entry, x_refsource_BID
https://access.redhat.com/errata/RHSA-2017:1790vendor-advisory, x_refsource_REDHAT
https://security.netapp.com/advisory/ntap-20170720-0001/x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2017:1789vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:2424vendor-advisory, x_refsource_REDHAT
http://www.securitytracker.com/id/1038931vdb-entry, x_refsource_SECTRACK
https://access.redhat.com/errata/RHSA-2017:1792vendor-advisory, x_refsource_REDHAT
https://security.gentoo.org/glsa/201709-22vendor-advisory, x_refsource_GENTOO
http://www.debian.org/security/2017/dsa-3919vendor-advisory, x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2017:2481vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:2530vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:3453vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:2469vendor-advisory, x_refsource_REDHAT
http://www.debian.org/security/2017/dsa-3954vendor-advisory, x_refsource_DEBIAN
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlx_refsource_CONFIRM
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T17:33:15.087Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2017:1791",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1791"
          },
          {
            "name": "99674",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/99674"
          },
          {
            "name": "RHSA-2017:1790",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1790"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
          },
          {
            "name": "RHSA-2017:1789",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1789"
          },
          {
            "name": "RHSA-2017:2424",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2424"
          },
          {
            "name": "1038931",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038931"
          },
          {
            "name": "RHSA-2017:1792",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1792"
          },
          {
            "name": "GLSA-201709-22",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201709-22"
          },
          {
            "name": "DSA-3919",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3919"
          },
          {
            "name": "RHSA-2017:2481",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2481"
          },
          {
            "name": "RHSA-2017:2530",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2530"
          },
          {
            "name": "RHSA-2017:3453",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3453"
          },
          {
            "name": "RHSA-2017:2469",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2469"
          },
          {
            "name": "DSA-3954",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3954"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2017-10101",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-04T15:39:37.693201Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-04T19:04:13.779Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 6u151"
            },
            {
              "status": "affected",
              "version": "7u141"
            },
            {
              "status": "affected",
              "version": "8u131; Java SE Embedded: 8u131"
            }
          ]
        }
      ],
      "datePublic": "2017-07-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "RHSA-2017:1791",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1791"
        },
        {
          "name": "99674",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/99674"
        },
        {
          "name": "RHSA-2017:1790",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1790"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
        },
        {
          "name": "RHSA-2017:1789",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1789"
        },
        {
          "name": "RHSA-2017:2424",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2424"
        },
        {
          "name": "1038931",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038931"
        },
        {
          "name": "RHSA-2017:1792",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1792"
        },
        {
          "name": "GLSA-201709-22",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201709-22"
        },
        {
          "name": "DSA-3919",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3919"
        },
        {
          "name": "RHSA-2017:2481",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2481"
        },
        {
          "name": "RHSA-2017:2530",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2530"
        },
        {
          "name": "RHSA-2017:3453",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3453"
        },
        {
          "name": "RHSA-2017:2469",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2469"
        },
        {
          "name": "DSA-3954",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3954"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2017-10101",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 6u151"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7u141"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8u131; Java SE Embedded: 8u131"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2017:1791",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1791"
            },
            {
              "name": "99674",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/99674"
            },
            {
              "name": "RHSA-2017:1790",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1790"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20170720-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
            },
            {
              "name": "RHSA-2017:1789",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1789"
            },
            {
              "name": "RHSA-2017:2424",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2424"
            },
            {
              "name": "1038931",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038931"
            },
            {
              "name": "RHSA-2017:1792",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1792"
            },
            {
              "name": "GLSA-201709-22",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201709-22"
            },
            {
              "name": "DSA-3919",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3919"
            },
            {
              "name": "RHSA-2017:2481",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2481"
            },
            {
              "name": "RHSA-2017:2530",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2530"
            },
            {
              "name": "RHSA-2017:3453",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3453"
            },
            {
              "name": "RHSA-2017:2469",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2469"
            },
            {
              "name": "DSA-3954",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3954"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2017-10101",
    "datePublished": "2017-08-08T15:00:00",
    "dateReserved": "2017-06-21T00:00:00",
    "dateUpdated": "2024-10-04T19:04:13.779Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-10116
Vulnerability from cvelistv5
Published
2017-08-08 15:00
Modified
2024-10-04 19:02
Severity ?
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
References
https://access.redhat.com/errata/RHSA-2017:1791vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:1790vendor-advisory, x_refsource_REDHAT
https://security.netapp.com/advisory/ntap-20170720-0001/x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2017:1789vendor-advisory, x_refsource_REDHAT
https://cert.vde.com/en-us/advisories/vde-2017-002x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2017:2424vendor-advisory, x_refsource_REDHAT
http://www.securityfocus.com/bid/99734vdb-entry, x_refsource_BID
http://www.securitytracker.com/id/1038931vdb-entry, x_refsource_SECTRACK
https://access.redhat.com/errata/RHSA-2017:1792vendor-advisory, x_refsource_REDHAT
https://security.gentoo.org/glsa/201709-22vendor-advisory, x_refsource_GENTOO
http://www.debian.org/security/2017/dsa-3919vendor-advisory, x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2017:2481vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:2530vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:3453vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:2469vendor-advisory, x_refsource_REDHAT
http://www.debian.org/security/2017/dsa-3954vendor-advisory, x_refsource_DEBIAN
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlx_refsource_CONFIRM
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T17:33:15.968Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2017:1791",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1791"
          },
          {
            "name": "RHSA-2017:1790",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1790"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
          },
          {
            "name": "RHSA-2017:1789",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1789"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert.vde.com/en-us/advisories/vde-2017-002"
          },
          {
            "name": "RHSA-2017:2424",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2424"
          },
          {
            "name": "99734",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/99734"
          },
          {
            "name": "1038931",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038931"
          },
          {
            "name": "RHSA-2017:1792",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1792"
          },
          {
            "name": "GLSA-201709-22",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201709-22"
          },
          {
            "name": "DSA-3919",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3919"
          },
          {
            "name": "RHSA-2017:2481",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2481"
          },
          {
            "name": "RHSA-2017:2530",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2530"
          },
          {
            "name": "RHSA-2017:3453",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3453"
          },
          {
            "name": "RHSA-2017:2469",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2469"
          },
          {
            "name": "DSA-3954",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3954"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2017-10116",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-04T15:39:25.933782Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-04T19:02:23.549Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 6u151"
            },
            {
              "status": "affected",
              "version": "7u141"
            },
            {
              "status": "affected",
              "version": "8u131; Java SE Embedded: 8u131; JRockit: R28.3.14"
            }
          ]
        }
      ],
      "datePublic": "2017-07-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-05-16T13:57:02",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "RHSA-2017:1791",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1791"
        },
        {
          "name": "RHSA-2017:1790",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1790"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
        },
        {
          "name": "RHSA-2017:1789",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1789"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert.vde.com/en-us/advisories/vde-2017-002"
        },
        {
          "name": "RHSA-2017:2424",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2424"
        },
        {
          "name": "99734",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/99734"
        },
        {
          "name": "1038931",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038931"
        },
        {
          "name": "RHSA-2017:1792",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1792"
        },
        {
          "name": "GLSA-201709-22",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201709-22"
        },
        {
          "name": "DSA-3919",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3919"
        },
        {
          "name": "RHSA-2017:2481",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2481"
        },
        {
          "name": "RHSA-2017:2530",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2530"
        },
        {
          "name": "RHSA-2017:3453",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3453"
        },
        {
          "name": "RHSA-2017:2469",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2469"
        },
        {
          "name": "DSA-3954",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3954"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2017-10116",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 6u151"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7u141"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8u131; Java SE Embedded: 8u131; JRockit: R28.3.14"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2017:1791",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1791"
            },
            {
              "name": "RHSA-2017:1790",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1790"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20170720-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
            },
            {
              "name": "RHSA-2017:1789",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1789"
            },
            {
              "name": "https://cert.vde.com/en-us/advisories/vde-2017-002",
              "refsource": "CONFIRM",
              "url": "https://cert.vde.com/en-us/advisories/vde-2017-002"
            },
            {
              "name": "RHSA-2017:2424",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2424"
            },
            {
              "name": "99734",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/99734"
            },
            {
              "name": "1038931",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038931"
            },
            {
              "name": "RHSA-2017:1792",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1792"
            },
            {
              "name": "GLSA-201709-22",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201709-22"
            },
            {
              "name": "DSA-3919",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3919"
            },
            {
              "name": "RHSA-2017:2481",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2481"
            },
            {
              "name": "RHSA-2017:2530",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2530"
            },
            {
              "name": "RHSA-2017:3453",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3453"
            },
            {
              "name": "RHSA-2017:2469",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2469"
            },
            {
              "name": "DSA-3954",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3954"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2017-10116",
    "datePublished": "2017-08-08T15:00:00",
    "dateReserved": "2017-06-21T00:00:00",
    "dateUpdated": "2024-10-04T19:02:23.549Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-10081
Vulnerability from cvelistv5
Published
2017-08-08 15:00
Modified
2024-10-04 19:06
Severity ?
Summary
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N).
References
https://access.redhat.com/errata/RHSA-2017:1791vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:1790vendor-advisory, x_refsource_REDHAT
https://security.netapp.com/advisory/ntap-20170720-0001/x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2017:1789vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:2424vendor-advisory, x_refsource_REDHAT
http://www.securitytracker.com/id/1038931vdb-entry, x_refsource_SECTRACK
http://www.securityfocus.com/bid/99853vdb-entry, x_refsource_BID
https://access.redhat.com/errata/RHSA-2017:1792vendor-advisory, x_refsource_REDHAT
https://security.gentoo.org/glsa/201709-22vendor-advisory, x_refsource_GENTOO
http://www.debian.org/security/2017/dsa-3919vendor-advisory, x_refsource_DEBIAN
http://www.debian.org/security/2017/dsa-3954vendor-advisory, x_refsource_DEBIAN
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlx_refsource_CONFIRM
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T17:25:00.872Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2017:1791",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1791"
          },
          {
            "name": "RHSA-2017:1790",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1790"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
          },
          {
            "name": "RHSA-2017:1789",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1789"
          },
          {
            "name": "RHSA-2017:2424",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2424"
          },
          {
            "name": "1038931",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038931"
          },
          {
            "name": "99853",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/99853"
          },
          {
            "name": "RHSA-2017:1792",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1792"
          },
          {
            "name": "GLSA-201709-22",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201709-22"
          },
          {
            "name": "DSA-3919",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3919"
          },
          {
            "name": "DSA-3954",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3954"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2017-10081",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-04T15:52:39.260688Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-04T19:06:28.932Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 6u151"
            },
            {
              "status": "affected",
              "version": "7u141"
            },
            {
              "status": "affected",
              "version": "8u131; Java SE Embedded: 8u131"
            }
          ]
        }
      ],
      "datePublic": "2017-07-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.  Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "RHSA-2017:1791",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1791"
        },
        {
          "name": "RHSA-2017:1790",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1790"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
        },
        {
          "name": "RHSA-2017:1789",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1789"
        },
        {
          "name": "RHSA-2017:2424",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2424"
        },
        {
          "name": "1038931",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038931"
        },
        {
          "name": "99853",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/99853"
        },
        {
          "name": "RHSA-2017:1792",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1792"
        },
        {
          "name": "GLSA-201709-22",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201709-22"
        },
        {
          "name": "DSA-3919",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3919"
        },
        {
          "name": "DSA-3954",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3954"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2017-10081",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 6u151"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7u141"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8u131; Java SE Embedded: 8u131"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.  Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2017:1791",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1791"
            },
            {
              "name": "RHSA-2017:1790",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1790"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20170720-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
            },
            {
              "name": "RHSA-2017:1789",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1789"
            },
            {
              "name": "RHSA-2017:2424",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2424"
            },
            {
              "name": "1038931",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038931"
            },
            {
              "name": "99853",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/99853"
            },
            {
              "name": "RHSA-2017:1792",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1792"
            },
            {
              "name": "GLSA-201709-22",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201709-22"
            },
            {
              "name": "DSA-3919",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3919"
            },
            {
              "name": "DSA-3954",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3954"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2017-10081",
    "datePublished": "2017-08-08T15:00:00",
    "dateReserved": "2017-06-21T00:00:00",
    "dateUpdated": "2024-10-04T19:06:28.932Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-10090
Vulnerability from cvelistv5
Published
2017-08-08 15:00
Modified
2024-10-04 19:05
Severity ?
Summary
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).
References
https://access.redhat.com/errata/RHSA-2017:1791vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:1790vendor-advisory, x_refsource_REDHAT
https://security.netapp.com/advisory/ntap-20170720-0001/x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2017:1789vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:2424vendor-advisory, x_refsource_REDHAT
http://www.securitytracker.com/id/1038931vdb-entry, x_refsource_SECTRACK
http://www.securityfocus.com/bid/99706vdb-entry, x_refsource_BID
https://security.gentoo.org/glsa/201709-22vendor-advisory, x_refsource_GENTOO
http://www.debian.org/security/2017/dsa-3919vendor-advisory, x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2017:2481vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:3453vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:2469vendor-advisory, x_refsource_REDHAT
http://www.debian.org/security/2017/dsa-3954vendor-advisory, x_refsource_DEBIAN
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlx_refsource_CONFIRM
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T17:33:15.096Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2017:1791",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1791"
          },
          {
            "name": "RHSA-2017:1790",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1790"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
          },
          {
            "name": "RHSA-2017:1789",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1789"
          },
          {
            "name": "RHSA-2017:2424",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2424"
          },
          {
            "name": "1038931",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038931"
          },
          {
            "name": "99706",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/99706"
          },
          {
            "name": "GLSA-201709-22",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201709-22"
          },
          {
            "name": "DSA-3919",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3919"
          },
          {
            "name": "RHSA-2017:2481",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2481"
          },
          {
            "name": "RHSA-2017:3453",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3453"
          },
          {
            "name": "RHSA-2017:2469",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2469"
          },
          {
            "name": "DSA-3954",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3954"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2017-10090",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-04T15:39:39.963977Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-04T19:05:20.071Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 7u141"
            },
            {
              "status": "affected",
              "version": "8u131; Java SE Embedded: 8u131"
            }
          ]
        }
      ],
      "datePublic": "2017-07-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "RHSA-2017:1791",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1791"
        },
        {
          "name": "RHSA-2017:1790",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1790"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
        },
        {
          "name": "RHSA-2017:1789",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1789"
        },
        {
          "name": "RHSA-2017:2424",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2424"
        },
        {
          "name": "1038931",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038931"
        },
        {
          "name": "99706",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/99706"
        },
        {
          "name": "GLSA-201709-22",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201709-22"
        },
        {
          "name": "DSA-3919",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3919"
        },
        {
          "name": "RHSA-2017:2481",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2481"
        },
        {
          "name": "RHSA-2017:3453",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3453"
        },
        {
          "name": "RHSA-2017:2469",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2469"
        },
        {
          "name": "DSA-3954",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3954"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2017-10090",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 7u141"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8u131; Java SE Embedded: 8u131"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2017:1791",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1791"
            },
            {
              "name": "RHSA-2017:1790",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1790"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20170720-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
            },
            {
              "name": "RHSA-2017:1789",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1789"
            },
            {
              "name": "RHSA-2017:2424",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2424"
            },
            {
              "name": "1038931",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038931"
            },
            {
              "name": "99706",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/99706"
            },
            {
              "name": "GLSA-201709-22",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201709-22"
            },
            {
              "name": "DSA-3919",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3919"
            },
            {
              "name": "RHSA-2017:2481",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2481"
            },
            {
              "name": "RHSA-2017:3453",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3453"
            },
            {
              "name": "RHSA-2017:2469",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2469"
            },
            {
              "name": "DSA-3954",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3954"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2017-10090",
    "datePublished": "2017-08-08T15:00:00",
    "dateReserved": "2017-06-21T00:00:00",
    "dateUpdated": "2024-10-04T19:05:20.071Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-20685
Vulnerability from cvelistv5
Published
2019-01-10 00:00
Modified
2024-08-05 12:05
Severity ?
Summary
In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T12:05:17.712Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-4387",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2019/dsa-4387"
          },
          {
            "name": "USN-3885-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3885-1/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/openssh/openssh-portable/commit/6010c0303a422a9c5fa8860c061bf7105eb7f8b2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/scp.c.diff?r1=1.197\u0026r2=1.198\u0026f=h"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190215-0001/"
          },
          {
            "name": "106531",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/106531"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt"
          },
          {
            "name": "GLSA-201903-16",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201903-16"
          },
          {
            "name": "[debian-lts-announce] 20190325 [SECURITY] [DLA 1728-1] openssh security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
          },
          {
            "name": "RHSA-2019:3702",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3702"
          },
          {
            "name": "GLSA-202007-53",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202007-53"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2019-01-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "DSA-4387",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2019/dsa-4387"
        },
        {
          "name": "USN-3885-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://usn.ubuntu.com/3885-1/"
        },
        {
          "url": "https://github.com/openssh/openssh-portable/commit/6010c0303a422a9c5fa8860c061bf7105eb7f8b2"
        },
        {
          "url": "https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/scp.c.diff?r1=1.197\u0026r2=1.198\u0026f=h"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20190215-0001/"
        },
        {
          "name": "106531",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/106531"
        },
        {
          "url": "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt"
        },
        {
          "name": "GLSA-201903-16",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/201903-16"
        },
        {
          "name": "[debian-lts-announce] 20190325 [SECURITY] [DLA 1728-1] openssh security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html"
        },
        {
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
        },
        {
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
        },
        {
          "name": "RHSA-2019:3702",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3702"
        },
        {
          "name": "GLSA-202007-53",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202007-53"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-20685",
    "datePublished": "2019-01-10T00:00:00",
    "dateReserved": "2019-01-10T00:00:00",
    "dateUpdated": "2024-08-05T12:05:17.712Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-10357
Vulnerability from cvelistv5
Published
2017-10-19 17:00
Modified
2024-10-04 16:48
Severity ?
Summary
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
https://access.redhat.com/errata/RHSA-2017:3047vendor-advisory, x_refsource_REDHAT
https://security.gentoo.org/glsa/201711-14vendor-advisory, x_refsource_GENTOO
https://www.debian.org/security/2017/dsa-4015vendor-advisory, x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2017:3267vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:2998vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:3268vendor-advisory, x_refsource_REDHAT
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlx_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2017:3046vendor-advisory, x_refsource_REDHAT
http://www.securityfocus.com/bid/101355vdb-entry, x_refsource_BID
http://www.securitytracker.com/id/1039596vdb-entry, x_refsource_SECTRACK
https://security.gentoo.org/glsa/201710-31vendor-advisory, x_refsource_GENTOO
https://access.redhat.com/errata/RHSA-2017:3264vendor-advisory, x_refsource_REDHAT
https://www.debian.org/security/2017/dsa-4048vendor-advisory, x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2017:3453vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:3392vendor-advisory, x_refsource_REDHAT
https://lists.debian.org/debian-lts-announce/2017/11/msg00033.htmlmailing-list, x_refsource_MLIST
https://security.netapp.com/advisory/ntap-20171019-0001/x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2017:2999vendor-advisory, x_refsource_REDHAT
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T17:41:55.428Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2017:3047",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3047"
          },
          {
            "name": "GLSA-201711-14",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201711-14"
          },
          {
            "name": "DSA-4015",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2017/dsa-4015"
          },
          {
            "name": "RHSA-2017:3267",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3267"
          },
          {
            "name": "RHSA-2017:2998",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2998"
          },
          {
            "name": "RHSA-2017:3268",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3268"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "name": "RHSA-2017:3046",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3046"
          },
          {
            "name": "101355",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/101355"
          },
          {
            "name": "1039596",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039596"
          },
          {
            "name": "GLSA-201710-31",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201710-31"
          },
          {
            "name": "RHSA-2017:3264",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3264"
          },
          {
            "name": "DSA-4048",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2017/dsa-4048"
          },
          {
            "name": "RHSA-2017:3453",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3453"
          },
          {
            "name": "RHSA-2017:3392",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3392"
          },
          {
            "name": "[debian-lts-announce] 20171123 [SECURITY] [DLA 1187-1] openjdk-7 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20171019-0001/"
          },
          {
            "name": "RHSA-2017:2999",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2999"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2017-10357",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-04T15:35:21.423641Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-04T16:48:18.092Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 6u161"
            },
            {
              "status": "affected",
              "version": "7u151"
            },
            {
              "status": "affected",
              "version": "8u144"
            },
            {
              "status": "affected",
              "version": "9; Java SE Embedded: 8u144"
            }
          ]
        }
      ],
      "datePublic": "2017-10-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-02-02T10:57:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "RHSA-2017:3047",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3047"
        },
        {
          "name": "GLSA-201711-14",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201711-14"
        },
        {
          "name": "DSA-4015",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2017/dsa-4015"
        },
        {
          "name": "RHSA-2017:3267",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3267"
        },
        {
          "name": "RHSA-2017:2998",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2998"
        },
        {
          "name": "RHSA-2017:3268",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3268"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "name": "RHSA-2017:3046",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3046"
        },
        {
          "name": "101355",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/101355"
        },
        {
          "name": "1039596",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039596"
        },
        {
          "name": "GLSA-201710-31",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201710-31"
        },
        {
          "name": "RHSA-2017:3264",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3264"
        },
        {
          "name": "DSA-4048",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2017/dsa-4048"
        },
        {
          "name": "RHSA-2017:3453",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3453"
        },
        {
          "name": "RHSA-2017:3392",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3392"
        },
        {
          "name": "[debian-lts-announce] 20171123 [SECURITY] [DLA 1187-1] openjdk-7 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20171019-0001/"
        },
        {
          "name": "RHSA-2017:2999",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2999"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2017-10357",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 6u161"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7u151"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8u144"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "9; Java SE Embedded: 8u144"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2017:3047",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3047"
            },
            {
              "name": "GLSA-201711-14",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201711-14"
            },
            {
              "name": "DSA-4015",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2017/dsa-4015"
            },
            {
              "name": "RHSA-2017:3267",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3267"
            },
            {
              "name": "RHSA-2017:2998",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2998"
            },
            {
              "name": "RHSA-2017:3268",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3268"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
            },
            {
              "name": "RHSA-2017:3046",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3046"
            },
            {
              "name": "101355",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/101355"
            },
            {
              "name": "1039596",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039596"
            },
            {
              "name": "GLSA-201710-31",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201710-31"
            },
            {
              "name": "RHSA-2017:3264",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3264"
            },
            {
              "name": "DSA-4048",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2017/dsa-4048"
            },
            {
              "name": "RHSA-2017:3453",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3453"
            },
            {
              "name": "RHSA-2017:3392",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3392"
            },
            {
              "name": "[debian-lts-announce] 20171123 [SECURITY] [DLA 1187-1] openjdk-7 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20171019-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20171019-0001/"
            },
            {
              "name": "RHSA-2017:2999",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2999"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2017-10357",
    "datePublished": "2017-10-19T17:00:00",
    "dateReserved": "2017-06-21T00:00:00",
    "dateUpdated": "2024-10-04T16:48:18.092Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-12888
Vulnerability from cvelistv5
Published
2020-05-15 17:02
Modified
2024-08-04 12:11
Severity ?
Summary
The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:11:18.700Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lore.kernel.org/kvm/158871570274.15589.10563806532874116326.stgit%40gimli.home/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lore.kernel.org/kvm/158871401328.15589.17598154478222071285.stgit%40gimli.home/"
          },
          {
            "name": "[oss-security] 20200519 CVE-2020-12888 Kernel: vfio: access to disabled MMIO space of some devices may lead to DoS scenario",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2020/05/19/6"
          },
          {
            "name": "FEDORA-2020-57bf620276",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXGMJHWTMQI34NJZ4BHL3ZVF264AWBF2/"
          },
          {
            "name": "FEDORA-2020-5436586091",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CBEHRQQZTKJTPQFPY3JAO7MQ4JAFEQNW/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
          },
          {
            "name": "openSUSE-SU-2020:0935",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html"
          },
          {
            "name": "openSUSE-SU-2020:1153",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html"
          },
          {
            "name": "USN-4526-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4526-1/"
          },
          {
            "name": "USN-4525-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4525-1/"
          },
          {
            "name": "[debian-lts-announce] 20200928 [SECURITY] [DLA 2385-1] linux-4.19 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html"
          },
          {
            "name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2420-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html"
          },
          {
            "name": "[debian-lts-announce] 20201031 [SECURITY] [DLA 2420-2] linux regression update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-31T17:06:22",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lore.kernel.org/kvm/158871570274.15589.10563806532874116326.stgit%40gimli.home/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lore.kernel.org/kvm/158871401328.15589.17598154478222071285.stgit%40gimli.home/"
        },
        {
          "name": "[oss-security] 20200519 CVE-2020-12888 Kernel: vfio: access to disabled MMIO space of some devices may lead to DoS scenario",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2020/05/19/6"
        },
        {
          "name": "FEDORA-2020-57bf620276",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXGMJHWTMQI34NJZ4BHL3ZVF264AWBF2/"
        },
        {
          "name": "FEDORA-2020-5436586091",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CBEHRQQZTKJTPQFPY3JAO7MQ4JAFEQNW/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
        },
        {
          "name": "openSUSE-SU-2020:0935",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html"
        },
        {
          "name": "openSUSE-SU-2020:1153",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html"
        },
        {
          "name": "USN-4526-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4526-1/"
        },
        {
          "name": "USN-4525-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4525-1/"
        },
        {
          "name": "[debian-lts-announce] 20200928 [SECURITY] [DLA 2385-1] linux-4.19 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html"
        },
        {
          "name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2420-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html"
        },
        {
          "name": "[debian-lts-announce] 20201031 [SECURITY] [DLA 2420-2] linux regression update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-12888",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://lore.kernel.org/kvm/158871570274.15589.10563806532874116326.stgit@gimli.home/",
              "refsource": "MISC",
              "url": "https://lore.kernel.org/kvm/158871570274.15589.10563806532874116326.stgit@gimli.home/"
            },
            {
              "name": "https://lore.kernel.org/kvm/158871401328.15589.17598154478222071285.stgit@gimli.home/",
              "refsource": "MISC",
              "url": "https://lore.kernel.org/kvm/158871401328.15589.17598154478222071285.stgit@gimli.home/"
            },
            {
              "name": "[oss-security] 20200519 CVE-2020-12888 Kernel: vfio: access to disabled MMIO space of some devices may lead to DoS scenario",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2020/05/19/6"
            },
            {
              "name": "FEDORA-2020-57bf620276",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NXGMJHWTMQI34NJZ4BHL3ZVF264AWBF2/"
            },
            {
              "name": "FEDORA-2020-5436586091",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CBEHRQQZTKJTPQFPY3JAO7MQ4JAFEQNW/"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200608-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
            },
            {
              "name": "openSUSE-SU-2020:0935",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html"
            },
            {
              "name": "openSUSE-SU-2020:1153",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html"
            },
            {
              "name": "USN-4526-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4526-1/"
            },
            {
              "name": "USN-4525-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4525-1/"
            },
            {
              "name": "[debian-lts-announce] 20200928 [SECURITY] [DLA 2385-1] linux-4.19 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html"
            },
            {
              "name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2420-1] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html"
            },
            {
              "name": "[debian-lts-announce] 20201031 [SECURITY] [DLA 2420-2] linux regression update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-12888",
    "datePublished": "2020-05-15T17:02:20",
    "dateReserved": "2020-05-15T00:00:00",
    "dateUpdated": "2024-08-04T12:11:18.700Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-10388
Vulnerability from cvelistv5
Published
2017-10-19 17:00
Modified
2024-10-04 16:44
Severity ?
Summary
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: Applies to the Java SE Kerberos client. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).
References
https://access.redhat.com/errata/RHSA-2017:3047vendor-advisory, x_refsource_REDHAT
https://security.gentoo.org/glsa/201711-14vendor-advisory, x_refsource_GENTOO
http://www.securityfocus.com/bid/101321vdb-entry, x_refsource_BID
https://www.synology.com/support/security/Synology_SA_17_66_OpenJDKx_refsource_CONFIRM
https://www.debian.org/security/2017/dsa-4015vendor-advisory, x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2017:3267vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:2998vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:3268vendor-advisory, x_refsource_REDHAT
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlx_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2017:3046vendor-advisory, x_refsource_REDHAT
http://www.securitytracker.com/id/1039596vdb-entry, x_refsource_SECTRACK
https://security.gentoo.org/glsa/201710-31vendor-advisory, x_refsource_GENTOO
https://access.redhat.com/errata/RHSA-2017:3264vendor-advisory, x_refsource_REDHAT
https://www.debian.org/security/2017/dsa-4048vendor-advisory, x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2017:3453vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:3392vendor-advisory, x_refsource_REDHAT
https://lists.debian.org/debian-lts-announce/2017/11/msg00033.htmlmailing-list, x_refsource_MLIST
https://security.netapp.com/advisory/ntap-20171019-0001/x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2017:2999vendor-advisory, x_refsource_REDHAT
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T17:41:55.428Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2017:3047",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3047"
          },
          {
            "name": "GLSA-201711-14",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201711-14"
          },
          {
            "name": "101321",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/101321"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.synology.com/support/security/Synology_SA_17_66_OpenJDK"
          },
          {
            "name": "DSA-4015",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2017/dsa-4015"
          },
          {
            "name": "RHSA-2017:3267",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3267"
          },
          {
            "name": "RHSA-2017:2998",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2998"
          },
          {
            "name": "RHSA-2017:3268",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3268"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "name": "RHSA-2017:3046",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3046"
          },
          {
            "name": "1039596",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039596"
          },
          {
            "name": "GLSA-201710-31",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201710-31"
          },
          {
            "name": "RHSA-2017:3264",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3264"
          },
          {
            "name": "DSA-4048",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2017/dsa-4048"
          },
          {
            "name": "RHSA-2017:3453",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3453"
          },
          {
            "name": "RHSA-2017:3392",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3392"
          },
          {
            "name": "[debian-lts-announce] 20171123 [SECURITY] [DLA 1187-1] openjdk-7 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20171019-0001/"
          },
          {
            "name": "RHSA-2017:2999",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2999"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2017-10388",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-04T15:38:56.925674Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-04T16:44:59.766Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 6u161"
            },
            {
              "status": "affected",
              "version": "7u151"
            },
            {
              "status": "affected",
              "version": "8u144"
            },
            {
              "status": "affected",
              "version": "9; Java SE Embedded: 8u144"
            }
          ]
        }
      ],
      "datePublic": "2017-10-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: Applies to the Java SE Kerberos client. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded.  Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-02-02T10:57:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "RHSA-2017:3047",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3047"
        },
        {
          "name": "GLSA-201711-14",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201711-14"
        },
        {
          "name": "101321",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/101321"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.synology.com/support/security/Synology_SA_17_66_OpenJDK"
        },
        {
          "name": "DSA-4015",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2017/dsa-4015"
        },
        {
          "name": "RHSA-2017:3267",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3267"
        },
        {
          "name": "RHSA-2017:2998",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2998"
        },
        {
          "name": "RHSA-2017:3268",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3268"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "name": "RHSA-2017:3046",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3046"
        },
        {
          "name": "1039596",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039596"
        },
        {
          "name": "GLSA-201710-31",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201710-31"
        },
        {
          "name": "RHSA-2017:3264",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3264"
        },
        {
          "name": "DSA-4048",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2017/dsa-4048"
        },
        {
          "name": "RHSA-2017:3453",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3453"
        },
        {
          "name": "RHSA-2017:3392",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3392"
        },
        {
          "name": "[debian-lts-announce] 20171123 [SECURITY] [DLA 1187-1] openjdk-7 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20171019-0001/"
        },
        {
          "name": "RHSA-2017:2999",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2999"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2017-10388",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 6u161"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7u151"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8u144"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "9; Java SE Embedded: 8u144"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: Applies to the Java SE Kerberos client. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded.  Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2017:3047",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3047"
            },
            {
              "name": "GLSA-201711-14",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201711-14"
            },
            {
              "name": "101321",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/101321"
            },
            {
              "name": "https://www.synology.com/support/security/Synology_SA_17_66_OpenJDK",
              "refsource": "CONFIRM",
              "url": "https://www.synology.com/support/security/Synology_SA_17_66_OpenJDK"
            },
            {
              "name": "DSA-4015",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2017/dsa-4015"
            },
            {
              "name": "RHSA-2017:3267",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3267"
            },
            {
              "name": "RHSA-2017:2998",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2998"
            },
            {
              "name": "RHSA-2017:3268",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3268"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
            },
            {
              "name": "RHSA-2017:3046",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3046"
            },
            {
              "name": "1039596",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039596"
            },
            {
              "name": "GLSA-201710-31",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201710-31"
            },
            {
              "name": "RHSA-2017:3264",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3264"
            },
            {
              "name": "DSA-4048",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2017/dsa-4048"
            },
            {
              "name": "RHSA-2017:3453",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3453"
            },
            {
              "name": "RHSA-2017:3392",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3392"
            },
            {
              "name": "[debian-lts-announce] 20171123 [SECURITY] [DLA 1187-1] openjdk-7 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20171019-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20171019-0001/"
            },
            {
              "name": "RHSA-2017:2999",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2999"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2017-10388",
    "datePublished": "2017-10-19T17:00:00",
    "dateReserved": "2017-06-21T00:00:00",
    "dateUpdated": "2024-10-04T16:44:59.766Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-21476
Vulnerability from cvelistv5
Published
2022-04-19 20:38
Modified
2024-08-03 02:38
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T02:38:56.676Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220429-0006/"
          },
          {
            "name": "DSA-5128",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5128"
          },
          {
            "name": "DSA-5131",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5131"
          },
          {
            "name": "[debian-lts-announce] 20220514 [SECURITY] [DLA 3006-1] openjdk-8 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java SE JDK and JRE",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Oracle Java SE:7u331"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:8u321"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:11.0.14"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:17.0.2"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:18"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:20.3.5"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:21.3.1"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:22.0.0.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-05-14T11:06:05",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20220429-0006/"
        },
        {
          "name": "DSA-5128",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5128"
        },
        {
          "name": "DSA-5131",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5131"
        },
        {
          "name": "[debian-lts-announce] 20220514 [SECURITY] [DLA 3006-1] openjdk-8 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2022-21476",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java SE JDK and JRE",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Oracle Java SE:7u331"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle Java SE:8u321"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle Java SE:11.0.14"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle Java SE:17.0.2"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle Java SE:18"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle GraalVM Enterprise Edition:20.3.5"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle GraalVM Enterprise Edition:21.3.1"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle GraalVM Enterprise Edition:22.0.0.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "7.5",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20220429-0006/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20220429-0006/"
            },
            {
              "name": "DSA-5128",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2022/dsa-5128"
            },
            {
              "name": "DSA-5131",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2022/dsa-5131"
            },
            {
              "name": "[debian-lts-announce] 20220514 [SECURITY] [DLA 3006-1] openjdk-8 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2022-21476",
    "datePublished": "2022-04-19T20:38:20",
    "dateReserved": "2021-11-15T00:00:00",
    "dateUpdated": "2024-08-03T02:38:56.676Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-32207
Vulnerability from cvelistv5
Published
2022-07-07 00:00
Modified
2024-08-03 07:32
Severity ?
Summary
When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T07:32:56.011Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://hackerone.com/reports/1573634"
          },
          {
            "name": "FEDORA-2022-1b3d7f6973",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/"
          },
          {
            "name": "DSA-5197",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5197"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220915-0003/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT213488"
          },
          {
            "name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2022/Oct/41"
          },
          {
            "name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2022/Oct/28"
          },
          {
            "name": "GLSA-202212-01",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202212-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "https://github.com/curl/curl",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Fixed in 7.84.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "When curl \u003c 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-840",
              "description": "Business Logic Errors (CWE-840)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-19T00:00:00",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "url": "https://hackerone.com/reports/1573634"
        },
        {
          "name": "FEDORA-2022-1b3d7f6973",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/"
        },
        {
          "name": "DSA-5197",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5197"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20220915-0003/"
        },
        {
          "url": "https://support.apple.com/kb/HT213488"
        },
        {
          "name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2022/Oct/41"
        },
        {
          "name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2022/Oct/28"
        },
        {
          "name": "GLSA-202212-01",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202212-01"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2022-32207",
    "datePublished": "2022-07-07T00:00:00",
    "dateReserved": "2022-06-01T00:00:00",
    "dateUpdated": "2024-08-03T07:32:56.011Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-3137
Vulnerability from cvelistv5
Published
2019-01-16 20:00
Modified
2024-09-17 01:02
Summary
Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could lead to a situation in which named would exit with an assertion failure when processing a response in which records occurred in an unusual order. Affects BIND 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0-P3, 9.11.1b1->9.11.1rc1, and 9.9.9-S8.
References
https://access.redhat.com/errata/RHSA-2017:1095vendor-advisory, x_refsource_REDHAT
https://security.gentoo.org/glsa/201708-01vendor-advisory, x_refsource_GENTOO
http://www.securitytracker.com/id/1038258vdb-entry, x_refsource_SECTRACK
https://security.netapp.com/advisory/ntap-20180802-0002/x_refsource_CONFIRM
http://www.securitytracker.com/id/1040195vdb-entry, x_refsource_SECTRACK
https://access.redhat.com/errata/RHSA-2017:1582vendor-advisory, x_refsource_REDHAT
https://www.debian.org/security/2017/dsa-3854vendor-advisory, x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2017:1583vendor-advisory, x_refsource_REDHAT
http://www.securityfocus.com/bid/97651vdb-entry, x_refsource_BID
https://access.redhat.com/errata/RHSA-2017:1105vendor-advisory, x_refsource_REDHAT
https://kb.isc.org/docs/aa-01466x_refsource_CONFIRM
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:16:28.234Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2017:1095",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1095"
          },
          {
            "name": "GLSA-201708-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201708-01"
          },
          {
            "name": "1038258",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038258"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20180802-0002/"
          },
          {
            "name": "1040195",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040195"
          },
          {
            "name": "RHSA-2017:1582",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1582"
          },
          {
            "name": "DSA-3854",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2017/dsa-3854"
          },
          {
            "name": "RHSA-2017:1583",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1583"
          },
          {
            "name": "97651",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/97651"
          },
          {
            "name": "RHSA-2017:1105",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1105"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.isc.org/docs/aa-01466"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "BIND 9",
          "vendor": "ISC",
          "versions": [
            {
              "status": "affected",
              "version": "9.9.9-P6, 9.9.10b1-\u003e9.9.10rc1, 9.10.4-P6, 9.10.5b1-\u003e9.10.5rc1, 9.11.0-P3, 9.11.1b1-\u003e9.11.1rc1, and 9.9.9-S8"
            }
          ]
        }
      ],
      "datePublic": "2017-03-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could lead to a situation in which named would exit with an assertion failure when processing a response in which records occurred in an unusual order. Affects BIND 9.9.9-P6, 9.9.10b1-\u003e9.9.10rc1, 9.10.4-P6, 9.10.5b1-\u003e9.10.5rc1, 9.11.0-P3, 9.11.1b1-\u003e9.11.1rc1, and 9.9.9-S8."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "A server which is performing recursion can be forced to exit with an assertion failure if it can be caused to receive a response containing CNAME or DNAME resource records with certain ordering.  An attacker can cause a denial of service by exploiting this condition.  Recursive resolvers are at highest risk but authoritative servers are theoretically vulnerable if they perform recursion.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-01-17T10:57:01",
        "orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
        "shortName": "isc"
      },
      "references": [
        {
          "name": "RHSA-2017:1095",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1095"
        },
        {
          "name": "GLSA-201708-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201708-01"
        },
        {
          "name": "1038258",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038258"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20180802-0002/"
        },
        {
          "name": "1040195",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040195"
        },
        {
          "name": "RHSA-2017:1582",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1582"
        },
        {
          "name": "DSA-3854",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2017/dsa-3854"
        },
        {
          "name": "RHSA-2017:1583",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1583"
        },
        {
          "name": "97651",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/97651"
        },
        {
          "name": "RHSA-2017:1105",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1105"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.isc.org/docs/aa-01466"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to the patched release most closely related to your current version of BIND. These can all be downloaded from http://www.isc.org/downloads.\n\n    BIND 9 version 9.9.9-P8\n    BIND 9 version 9.10.4-P8\n    BIND 9 version 9.11.0-P5\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n    BIND 9 version 9.9.9-S10\n\nNew maintenance releases of BIND are also scheduled which contain the fix for this vulnerability.  In addition to the security releases listed above, fixes for this vulnerability are also included in these release candidate versions:\n\n    BIND 9 version 9.9.10rc3\n    BIND 9 version 9.10.5rc3\n    BIND 9 version 9.11.1rc3"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "A response packet can cause a resolver to terminate when processing an answer containing a CNAME or DNAME",
      "workarounds": [
        {
          "lang": "en",
          "value": "None known."
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-officer@isc.org",
          "DATE_PUBLIC": "2017-03-12T00:00:00.000Z",
          "ID": "CVE-2017-3137",
          "STATE": "PUBLIC",
          "TITLE": "A response packet can cause a resolver to terminate when processing an answer containing a CNAME or DNAME"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "BIND 9",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "9.9.9-P6, 9.9.10b1-\u003e9.9.10rc1, 9.10.4-P6, 9.10.5b1-\u003e9.10.5rc1, 9.11.0-P3, 9.11.1b1-\u003e9.11.1rc1, and 9.9.9-S8"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "ISC"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could lead to a situation in which named would exit with an assertion failure when processing a response in which records occurred in an unusual order. Affects BIND 9.9.9-P6, 9.9.10b1-\u003e9.9.10rc1, 9.10.4-P6, 9.10.5b1-\u003e9.10.5rc1, 9.11.0-P3, 9.11.1b1-\u003e9.11.1rc1, and 9.9.9-S8."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "A server which is performing recursion can be forced to exit with an assertion failure if it can be caused to receive a response containing CNAME or DNAME resource records with certain ordering.  An attacker can cause a denial of service by exploiting this condition.  Recursive resolvers are at highest risk but authoritative servers are theoretically vulnerable if they perform recursion."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2017:1095",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1095"
            },
            {
              "name": "GLSA-201708-01",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201708-01"
            },
            {
              "name": "1038258",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038258"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20180802-0002/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20180802-0002/"
            },
            {
              "name": "1040195",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040195"
            },
            {
              "name": "RHSA-2017:1582",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1582"
            },
            {
              "name": "DSA-3854",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2017/dsa-3854"
            },
            {
              "name": "RHSA-2017:1583",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1583"
            },
            {
              "name": "97651",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/97651"
            },
            {
              "name": "RHSA-2017:1105",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1105"
            },
            {
              "name": "https://kb.isc.org/docs/aa-01466",
              "refsource": "CONFIRM",
              "url": "https://kb.isc.org/docs/aa-01466"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Upgrade to the patched release most closely related to your current version of BIND. These can all be downloaded from http://www.isc.org/downloads.\n\n    BIND 9 version 9.9.9-P8\n    BIND 9 version 9.10.4-P8\n    BIND 9 version 9.11.0-P5\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n    BIND 9 version 9.9.9-S10\n\nNew maintenance releases of BIND are also scheduled which contain the fix for this vulnerability.  In addition to the security releases listed above, fixes for this vulnerability are also included in these release candidate versions:\n\n    BIND 9 version 9.9.10rc3\n    BIND 9 version 9.10.5rc3\n    BIND 9 version 9.11.1rc3"
          }
        ],
        "source": {
          "discovery": "UNKNOWN"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "None known."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
    "assignerShortName": "isc",
    "cveId": "CVE-2017-3137",
    "datePublished": "2019-01-16T20:00:00Z",
    "dateReserved": "2016-12-02T00:00:00",
    "dateUpdated": "2024-09-17T01:02:07.037Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-13817
Vulnerability from cvelistv5
Published
2020-06-04 12:31
Modified
2024-08-04 12:25
Summary
ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim's ntpd instance.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:25:16.566Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "openSUSE-SU-2020:0934",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00005.html"
          },
          {
            "name": "openSUSE-SU-2020:1007",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00044.html"
          },
          {
            "name": "GLSA-202007-12",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202007-12"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://support.ntp.org/bin/view/Main/NtpBug3596"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.ntp.org/show_bug.cgi?id=3596"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200625-0004/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim\u0027s ntpd instance."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AC:H/AV:N/A:H/C:N/I:N/PR:N/S:U/UI:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-02-07T14:40:21",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "openSUSE-SU-2020:0934",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00005.html"
        },
        {
          "name": "openSUSE-SU-2020:1007",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00044.html"
        },
        {
          "name": "GLSA-202007-12",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202007-12"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://support.ntp.org/bin/view/Main/NtpBug3596"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.ntp.org/show_bug.cgi?id=3596"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200625-0004/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-13817",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim\u0027s ntpd instance."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AC:H/AV:N/A:H/C:N/I:N/PR:N/S:U/UI:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "openSUSE-SU-2020:0934",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00005.html"
            },
            {
              "name": "openSUSE-SU-2020:1007",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00044.html"
            },
            {
              "name": "GLSA-202007-12",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202007-12"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "name": "http://support.ntp.org/bin/view/Main/NtpBug3596",
              "refsource": "MISC",
              "url": "http://support.ntp.org/bin/view/Main/NtpBug3596"
            },
            {
              "name": "https://bugs.ntp.org/show_bug.cgi?id=3596",
              "refsource": "MISC",
              "url": "https://bugs.ntp.org/show_bug.cgi?id=3596"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200625-0004/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200625-0004/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-13817",
    "datePublished": "2020-06-04T12:31:55",
    "dateReserved": "2020-06-04T00:00:00",
    "dateUpdated": "2024-08-04T12:25:16.566Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-10176
Vulnerability from cvelistv5
Published
2017-08-08 15:00
Modified
2024-10-04 17:12
Severity ?
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T17:33:16.616Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2017:1791",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1791"
          },
          {
            "name": "RHSA-2017:1790",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1790"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert.vde.com/en-us/advisories/vde-2017-002"
          },
          {
            "name": "99788",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/99788"
          },
          {
            "name": "1038931",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038931"
          },
          {
            "name": "GLSA-201709-22",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201709-22"
          },
          {
            "name": "DSA-3919",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3919"
          },
          {
            "name": "DSA-3954",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3954"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2017-10176",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-04T15:36:31.501312Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-04T17:12:17.207Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 7u141"
            },
            {
              "status": "affected",
              "version": "8u131; Java SE Embedded: 8u131; JRockit: R28.3.14"
            }
          ]
        }
      ],
      "datePublic": "2017-07-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit.  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-05-16T13:57:02",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "RHSA-2017:1791",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1791"
        },
        {
          "name": "RHSA-2017:1790",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1790"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert.vde.com/en-us/advisories/vde-2017-002"
        },
        {
          "name": "99788",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/99788"
        },
        {
          "name": "1038931",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038931"
        },
        {
          "name": "GLSA-201709-22",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201709-22"
        },
        {
          "name": "DSA-3919",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3919"
        },
        {
          "name": "DSA-3954",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3954"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2017-10176",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 7u141"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8u131; Java SE Embedded: 8u131; JRockit: R28.3.14"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit.  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2017:1791",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1791"
            },
            {
              "name": "RHSA-2017:1790",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1790"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20170720-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
            },
            {
              "name": "https://cert.vde.com/en-us/advisories/vde-2017-002",
              "refsource": "CONFIRM",
              "url": "https://cert.vde.com/en-us/advisories/vde-2017-002"
            },
            {
              "name": "99788",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/99788"
            },
            {
              "name": "1038931",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038931"
            },
            {
              "name": "GLSA-201709-22",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201709-22"
            },
            {
              "name": "DSA-3919",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3919"
            },
            {
              "name": "DSA-3954",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3954"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2017-10176",
    "datePublished": "2017-08-08T15:00:00",
    "dateReserved": "2017-06-21T00:00:00",
    "dateUpdated": "2024-10-04T17:12:17.207Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-10110
Vulnerability from cvelistv5
Published
2017-08-08 15:00
Modified
2024-10-04 19:03
Severity ?
Summary
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).
References
https://access.redhat.com/errata/RHSA-2017:1791vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:1790vendor-advisory, x_refsource_REDHAT
https://security.netapp.com/advisory/ntap-20170720-0001/x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2017:1789vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:2424vendor-advisory, x_refsource_REDHAT
http://www.securitytracker.com/id/1038931vdb-entry, x_refsource_SECTRACK
http://www.securityfocus.com/bid/99643vdb-entry, x_refsource_BID
https://access.redhat.com/errata/RHSA-2017:1792vendor-advisory, x_refsource_REDHAT
https://security.gentoo.org/glsa/201709-22vendor-advisory, x_refsource_GENTOO
http://www.debian.org/security/2017/dsa-3919vendor-advisory, x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2017:2481vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:2530vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:3453vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:2469vendor-advisory, x_refsource_REDHAT
http://www.debian.org/security/2017/dsa-3954vendor-advisory, x_refsource_DEBIAN
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlx_refsource_CONFIRM
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T17:33:16.409Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2017:1791",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1791"
          },
          {
            "name": "RHSA-2017:1790",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1790"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
          },
          {
            "name": "RHSA-2017:1789",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1789"
          },
          {
            "name": "RHSA-2017:2424",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2424"
          },
          {
            "name": "1038931",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038931"
          },
          {
            "name": "99643",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/99643"
          },
          {
            "name": "RHSA-2017:1792",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1792"
          },
          {
            "name": "GLSA-201709-22",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201709-22"
          },
          {
            "name": "DSA-3919",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3919"
          },
          {
            "name": "RHSA-2017:2481",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2481"
          },
          {
            "name": "RHSA-2017:2530",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2530"
          },
          {
            "name": "RHSA-2017:3453",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3453"
          },
          {
            "name": "RHSA-2017:2469",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2469"
          },
          {
            "name": "DSA-3954",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3954"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2017-10110",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-04T15:39:34.259834Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-04T19:03:06.516Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 6u151"
            },
            {
              "status": "affected",
              "version": "7u141"
            },
            {
              "status": "affected",
              "version": "8u131"
            }
          ]
        }
      ],
      "datePublic": "2017-07-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "RHSA-2017:1791",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1791"
        },
        {
          "name": "RHSA-2017:1790",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1790"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
        },
        {
          "name": "RHSA-2017:1789",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1789"
        },
        {
          "name": "RHSA-2017:2424",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2424"
        },
        {
          "name": "1038931",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038931"
        },
        {
          "name": "99643",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/99643"
        },
        {
          "name": "RHSA-2017:1792",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1792"
        },
        {
          "name": "GLSA-201709-22",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201709-22"
        },
        {
          "name": "DSA-3919",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3919"
        },
        {
          "name": "RHSA-2017:2481",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2481"
        },
        {
          "name": "RHSA-2017:2530",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2530"
        },
        {
          "name": "RHSA-2017:3453",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3453"
        },
        {
          "name": "RHSA-2017:2469",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2469"
        },
        {
          "name": "DSA-3954",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3954"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2017-10110",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 6u151"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7u141"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8u131"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2017:1791",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1791"
            },
            {
              "name": "RHSA-2017:1790",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1790"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20170720-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
            },
            {
              "name": "RHSA-2017:1789",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1789"
            },
            {
              "name": "RHSA-2017:2424",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2424"
            },
            {
              "name": "1038931",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038931"
            },
            {
              "name": "99643",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/99643"
            },
            {
              "name": "RHSA-2017:1792",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1792"
            },
            {
              "name": "GLSA-201709-22",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201709-22"
            },
            {
              "name": "DSA-3919",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3919"
            },
            {
              "name": "RHSA-2017:2481",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2481"
            },
            {
              "name": "RHSA-2017:2530",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2530"
            },
            {
              "name": "RHSA-2017:3453",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3453"
            },
            {
              "name": "RHSA-2017:2469",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2469"
            },
            {
              "name": "DSA-3954",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3954"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2017-10110",
    "datePublished": "2017-08-08T15:00:00",
    "dateReserved": "2017-06-21T00:00:00",
    "dateUpdated": "2024-10-04T19:03:06.516Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-3138
Vulnerability from cvelistv5
Published
2019-01-16 20:00
Modified
2024-09-16 22:40
Summary
named contains a feature which allows operators to issue commands to a running server by communicating with the server process over a control channel, using a utility program such as rndc. A regression introduced in a recent feature change has created a situation under which some versions of named can be caused to exit with a REQUIRE assertion failure if they are sent a null command string. Affects BIND 9.9.9->9.9.9-P7, 9.9.10b1->9.9.10rc2, 9.10.4->9.10.4-P7, 9.10.5b1->9.10.5rc2, 9.11.0->9.11.0-P4, 9.11.1b1->9.11.1rc2, 9.9.9-S1->9.9.9-S9.
References
http://www.securitytracker.com/id/1038260vdb-entry, x_refsource_SECTRACK
http://www.securityfocus.com/bid/97657vdb-entry, x_refsource_BID
https://security.gentoo.org/glsa/201708-01vendor-advisory, x_refsource_GENTOO
https://security.netapp.com/advisory/ntap-20180802-0002/x_refsource_CONFIRM
https://www.debian.org/security/2017/dsa-3854vendor-advisory, x_refsource_DEBIAN
https://kb.isc.org/docs/aa-01471x_refsource_CONFIRM
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:16:28.221Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1038260",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038260"
          },
          {
            "name": "97657",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/97657"
          },
          {
            "name": "GLSA-201708-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201708-01"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20180802-0002/"
          },
          {
            "name": "DSA-3854",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2017/dsa-3854"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.isc.org/docs/aa-01471"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "BIND 9",
          "vendor": "ISC",
          "versions": [
            {
              "status": "affected",
              "version": "9.9.9-\u003e9.9.9-P7, 9.9.10b1-\u003e9.9.10rc2, 9.10.4-\u003e9.10.4-P7, 9.10.5b1-\u003e9.10.5rc2, 9.11.0-\u003e9.11.0-P4, 9.11.1b1-\u003e9.11.1rc2, 9.9.9-S1-\u003e9.9.9-S9"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "ISC would like to thank Mike Lalumiere of Dyn, Inc., for bringing this issue to our attention."
        }
      ],
      "datePublic": "2017-03-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "named contains a feature which allows operators to issue commands to a running server by communicating with the server process over a control channel, using a utility program such as rndc. A regression introduced in a recent feature change has created a situation under which some versions of named can be caused to exit with a REQUIRE assertion failure if they are sent a null command string. Affects BIND 9.9.9-\u003e9.9.9-P7, 9.9.10b1-\u003e9.9.10rc2, 9.10.4-\u003e9.10.4-P7, 9.10.5b1-\u003e9.10.5rc2, 9.11.0-\u003e9.11.0-P4, 9.11.1b1-\u003e9.11.1rc2, 9.9.9-S1-\u003e9.9.9-S9."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "The BIND control channel is not configured by default, but when configured will accept commands from those IP addresses that are specified in its access control list and/or from clients which present the proper transaction key.  Using this defect, an attacker can cause a running server to stop if they can get it to accept control channel input from them.  In most instances this is not as bad as it sounds, because existing commands permitted over the control channel (i.e. \"rndc stop\") can already be given to cause the server to stop.\n\nHowever, BIND 9.11.0 introduced a new option to allow \"read only\" commands over the command channel.  Using this restriction, a server can be configured to limit specified clients to giving control channel commands which return information only (e.g. \"rndc status\") without affecting the operational state of the server.  The defect described in this advisory, however, is not properly stopped by the \"read only\" restriction, in essence permitting a privilege escalation allowing a client which should only be permitted the limited set of \"read only\" operations to cause the server to stop execution.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-01-17T10:57:01",
        "orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
        "shortName": "isc"
      },
      "references": [
        {
          "name": "1038260",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038260"
        },
        {
          "name": "97657",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/97657"
        },
        {
          "name": "GLSA-201708-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201708-01"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20180802-0002/"
        },
        {
          "name": "DSA-3854",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2017/dsa-3854"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.isc.org/docs/aa-01471"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to the patched release most closely related to your current version of BIND. These can all be downloaded from http://www.isc.org/downloads.\n\n    BIND 9 version 9.9.9-P8\n    BIND 9 version 9.10.4-P8\n    BIND 9 version 9.11.0-P5\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n    BIND 9 version 9.9.9-S10\n\nNew maintenance releases of BIND are also scheduled which contain the fix for this vulnerability.  In addition to the security releases listed above, fixes for this vulnerability are also included in these release candidate versions:\n\n    BIND 9 version 9.9.10rc3\n    BIND 9 version 9.10.5rc3\n    BIND 9 version 9.11.1rc3"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "named exits with a REQUIRE assertion failure if it receives a null command string on its control channel",
      "workarounds": [
        {
          "lang": "en",
          "value": "None.  However, in a properly configured server, access to the control channel should already be limited by either network ACLs, TSIG keys, or both."
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-officer@isc.org",
          "DATE_PUBLIC": "2017-03-12T00:00:00.000Z",
          "ID": "CVE-2017-3138",
          "STATE": "PUBLIC",
          "TITLE": "named exits with a REQUIRE assertion failure if it receives a null command string on its control channel"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "BIND 9",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "9.9.9-\u003e9.9.9-P7, 9.9.10b1-\u003e9.9.10rc2, 9.10.4-\u003e9.10.4-P7, 9.10.5b1-\u003e9.10.5rc2, 9.11.0-\u003e9.11.0-P4, 9.11.1b1-\u003e9.11.1rc2, 9.9.9-S1-\u003e9.9.9-S9"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "ISC"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "ISC would like to thank Mike Lalumiere of Dyn, Inc., for bringing this issue to our attention."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "named contains a feature which allows operators to issue commands to a running server by communicating with the server process over a control channel, using a utility program such as rndc. A regression introduced in a recent feature change has created a situation under which some versions of named can be caused to exit with a REQUIRE assertion failure if they are sent a null command string. Affects BIND 9.9.9-\u003e9.9.9-P7, 9.9.10b1-\u003e9.9.10rc2, 9.10.4-\u003e9.10.4-P7, 9.10.5b1-\u003e9.10.5rc2, 9.11.0-\u003e9.11.0-P4, 9.11.1b1-\u003e9.11.1rc2, 9.9.9-S1-\u003e9.9.9-S9."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "The BIND control channel is not configured by default, but when configured will accept commands from those IP addresses that are specified in its access control list and/or from clients which present the proper transaction key.  Using this defect, an attacker can cause a running server to stop if they can get it to accept control channel input from them.  In most instances this is not as bad as it sounds, because existing commands permitted over the control channel (i.e. \"rndc stop\") can already be given to cause the server to stop.\n\nHowever, BIND 9.11.0 introduced a new option to allow \"read only\" commands over the command channel.  Using this restriction, a server can be configured to limit specified clients to giving control channel commands which return information only (e.g. \"rndc status\") without affecting the operational state of the server.  The defect described in this advisory, however, is not properly stopped by the \"read only\" restriction, in essence permitting a privilege escalation allowing a client which should only be permitted the limited set of \"read only\" operations to cause the server to stop execution."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1038260",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038260"
            },
            {
              "name": "97657",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/97657"
            },
            {
              "name": "GLSA-201708-01",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201708-01"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20180802-0002/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20180802-0002/"
            },
            {
              "name": "DSA-3854",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2017/dsa-3854"
            },
            {
              "name": "https://kb.isc.org/docs/aa-01471",
              "refsource": "CONFIRM",
              "url": "https://kb.isc.org/docs/aa-01471"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Upgrade to the patched release most closely related to your current version of BIND. These can all be downloaded from http://www.isc.org/downloads.\n\n    BIND 9 version 9.9.9-P8\n    BIND 9 version 9.10.4-P8\n    BIND 9 version 9.11.0-P5\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n    BIND 9 version 9.9.9-S10\n\nNew maintenance releases of BIND are also scheduled which contain the fix for this vulnerability.  In addition to the security releases listed above, fixes for this vulnerability are also included in these release candidate versions:\n\n    BIND 9 version 9.9.10rc3\n    BIND 9 version 9.10.5rc3\n    BIND 9 version 9.11.1rc3"
          }
        ],
        "source": {
          "discovery": "UNKNOWN"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "None.  However, in a properly configured server, access to the control channel should already be limited by either network ACLs, TSIG keys, or both."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
    "assignerShortName": "isc",
    "cveId": "CVE-2017-3138",
    "datePublished": "2019-01-16T20:00:00Z",
    "dateReserved": "2016-12-02T00:00:00",
    "dateUpdated": "2024-09-16T22:40:54.323Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-12538
Vulnerability from cvelistv5
Published
2018-06-22 19:00
Modified
2024-08-05 08:38
Severity ?
Summary
In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to access/hijack other HttpSessions and even delete unmatched HttpSessions present in the FileSystem's storage for the FileSessionDataStore.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T08:38:06.131Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1041194",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041194"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
          },
          {
            "name": "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20181014-0001/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=536018"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Eclipse Jetty",
          "vendor": "The Eclipse Foundation",
          "versions": [
            {
              "lessThan": "9.4.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "9.4.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2018-06-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to access/hijack other HttpSessions and even delete unmatched HttpSessions present in the FileSystem\u0027s storage for the FileSessionDataStore."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-6",
              "description": "CWE-6: J2EE Misconfiguration: Insufficient Session-ID Length",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-20T21:14:53",
        "orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
        "shortName": "eclipse"
      },
      "references": [
        {
          "name": "1041194",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1041194"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
        },
        {
          "name": "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20181014-0001/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=536018"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@eclipse.org",
          "ID": "CVE-2018-12538",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Eclipse Jetty",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "9.4.9"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "9.4.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "The Eclipse Foundation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to access/hijack other HttpSessions and even delete unmatched HttpSessions present in the FileSystem\u0027s storage for the FileSessionDataStore."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-6: J2EE Misconfiguration: Insufficient Session-ID Length"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1041194",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1041194"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
            },
            {
              "name": "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20181014-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20181014-0001/"
            },
            {
              "name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=536018",
              "refsource": "CONFIRM",
              "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=536018"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
    "assignerShortName": "eclipse",
    "cveId": "CVE-2018-12538",
    "datePublished": "2018-06-22T19:00:00",
    "dateReserved": "2018-06-18T00:00:00",
    "dateUpdated": "2024-08-05T08:38:06.131Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-2068
Vulnerability from cvelistv5
Published
2022-06-21 14:45
Modified
2024-09-16 19:41
Severity ?
Summary
In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:24:44.279Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20220621.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2c9c35870601b4a44d86ddbf512b38df38285cfa"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=9639817dac8bbbaa64d09efad7464ccc405527c7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=7a9c027159fe9e1bbc2cd38a8a2914bff0d5abd9"
          },
          {
            "name": "DSA-5169",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5169"
          },
          {
            "name": "FEDORA-2022-3b7d0abd0b",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6WZZBKUHQFGSKGNXXKICSRPL7AMVW5M5/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220707-0008/"
          },
          {
            "name": "FEDORA-2022-41890e9e44",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "status": "affected",
              "version": "Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3)"
            },
            {
              "status": "affected",
              "version": "Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o)"
            },
            {
              "status": "affected",
              "version": "Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze)"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Chancen (Qingteng 73lab)"
        }
      ],
      "datePublic": "2022-06-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze)."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "lang": "eng",
              "url": "https://www.openssl.org/policies/secpolicy.html#Moderate",
              "value": "Moderate"
            },
            "type": "unknown"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Command injection",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-01-10T00:00:00",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "url": "https://www.openssl.org/news/secadv/20220621.txt"
        },
        {
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2c9c35870601b4a44d86ddbf512b38df38285cfa"
        },
        {
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=9639817dac8bbbaa64d09efad7464ccc405527c7"
        },
        {
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=7a9c027159fe9e1bbc2cd38a8a2914bff0d5abd9"
        },
        {
          "name": "DSA-5169",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5169"
        },
        {
          "name": "FEDORA-2022-3b7d0abd0b",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6WZZBKUHQFGSKGNXXKICSRPL7AMVW5M5/"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20220707-0008/"
        },
        {
          "name": "FEDORA-2022-41890e9e44",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf"
        }
      ],
      "title": "The c_rehash script allows command injection"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2022-2068",
    "datePublished": "2022-06-21T14:45:20.597138Z",
    "dateReserved": "2022-06-13T00:00:00",
    "dateUpdated": "2024-09-16T19:41:46.658Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-7657
Vulnerability from cvelistv5
Published
2018-06-26 16:00
Modified
2024-08-05 16:12
Severity ?
Summary
In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a smaller chunk size and content sent as chunk body could be interpreted as a pipelined request. If Jetty was deployed behind an intermediary that imposed some authorization and that intermediary allowed arbitrarily large chunks to be passed on unchanged, then this flaw could be used to bypass the authorization imposed by the intermediary as the fake pipelined request would not be interpreted by the intermediary as a request.
References
https://www.debian.org/security/2018/dsa-4278vendor-advisory, x_refsource_DEBIAN
http://www.securitytracker.com/id/1041194vdb-entry, x_refsource_SECTRACK
https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3Emailing-list, x_refsource_MLIST
https://access.redhat.com/errata/RHSA-2019:0910vendor-advisory, x_refsource_REDHAT
https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3Emailing-list, x_refsource_MLIST
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.htmlx_refsource_MISC
https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3Emailing-list, x_refsource_MLIST
https://www.oracle.com/security-alerts/cpuoct2020.htmlx_refsource_MISC
https://security.netapp.com/advisory/ntap-20181014-0001/x_refsource_CONFIRM
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03953en_usx_refsource_CONFIRM
https://bugs.eclipse.org/bugs/show_bug.cgi?id=535668x_refsource_CONFIRM
https://lists.apache.org/thread.html/ra6f956ed4ec2855583b2d0c8b4802b450f593d37b77509b48cd5d574%40%3Ccommits.druid.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r41af10c4adec8d34a969abeb07fd0d6ad0c86768b751464f1cdd23e8%40%3Ccommits.druid.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r9159c9e7ec9eac1613da2dbaddbc15691a13d4dbb2c8be974f42e6ae%40%3Ccommits.druid.apache.org%3Emailing-list, x_refsource_MLIST
https://www.oracle.com//security-alerts/cpujul2021.htmlx_refsource_MISC
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T16:12:27.850Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-4278",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4278"
          },
          {
            "name": "1041194",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041194"
          },
          {
            "name": "[lucene-solr-user] 20190104 Re: SOLR v7 Security Issues Caused Denial of Use - Sonatype Application Composition Report",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E"
          },
          {
            "name": "RHSA-2019:0910",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:0910"
          },
          {
            "name": "[activemq-issues] 20190820 [jira] [Created] (AMQ-7279) Security Vulnerabilities in Libraries - jackson-databind-2.9.8.jar, tomcat-servlet-api-8.0.53.jar, tomcat-websocket-api-8.0.53.jar, zookeeper-3.4.6.jar, guava-18.0.jar, jetty-all-9.2.26.v20180806.jar, scala-library-2.11.0.jar",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E"
          },
          {
            "name": "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
          },
          {
            "name": "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20181014-0001/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03953en_us"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=535668"
          },
          {
            "name": "[druid-commits] 20210226 [GitHub] [druid] kingnj opened a new issue #10926: Hello, are there any plans to fix the CVE-2017-7657 and CVE-2017-7658 vulnerabilities of Jetty",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/ra6f956ed4ec2855583b2d0c8b4802b450f593d37b77509b48cd5d574%40%3Ccommits.druid.apache.org%3E"
          },
          {
            "name": "[druid-commits] 20210304 [GitHub] [druid] suneet-s commented on issue #10926: Hello, are there any plans to fix the CVE-2017-7657 and CVE-2017-7658 vulnerabilities of Jetty",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r41af10c4adec8d34a969abeb07fd0d6ad0c86768b751464f1cdd23e8%40%3Ccommits.druid.apache.org%3E"
          },
          {
            "name": "[druid-commits] 20210304 [GitHub] [druid] suneet-s closed issue #10926: Hello, are there any plans to fix the CVE-2017-7657 and CVE-2017-7658 vulnerabilities of Jetty",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r9159c9e7ec9eac1613da2dbaddbc15691a13d4dbb2c8be974f42e6ae%40%3Ccommits.druid.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Eclipse Jetty",
          "vendor": "The Eclipse Foundation",
          "versions": [
            {
              "lessThanOrEqual": "9.2.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "9.3.0",
              "versionType": "custom"
            },
            {
              "lessThan": "9.3.24",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "9.4.0",
              "versionType": "custom"
            },
            {
              "lessThan": "9.4.11",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2018-06-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a smaller chunk size and content sent as chunk body could be interpreted as a pipelined request. If Jetty was deployed behind an intermediary that imposed some authorization and that intermediary allowed arbitrarily large chunks to be passed on unchanged, then this flaw could be used to bypass the authorization imposed by the intermediary as the fake pipelined request would not be interpreted by the intermediary as a request."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-444",
              "description": "CWE-444: Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request Smuggling\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-20T22:53:08",
        "orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
        "shortName": "eclipse"
      },
      "references": [
        {
          "name": "DSA-4278",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4278"
        },
        {
          "name": "1041194",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1041194"
        },
        {
          "name": "[lucene-solr-user] 20190104 Re: SOLR v7 Security Issues Caused Denial of Use - Sonatype Application Composition Report",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E"
        },
        {
          "name": "RHSA-2019:0910",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:0910"
        },
        {
          "name": "[activemq-issues] 20190820 [jira] [Created] (AMQ-7279) Security Vulnerabilities in Libraries - jackson-databind-2.9.8.jar, tomcat-servlet-api-8.0.53.jar, tomcat-websocket-api-8.0.53.jar, zookeeper-3.4.6.jar, guava-18.0.jar, jetty-all-9.2.26.v20180806.jar, scala-library-2.11.0.jar",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E"
        },
        {
          "name": "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
        },
        {
          "name": "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20181014-0001/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03953en_us"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=535668"
        },
        {
          "name": "[druid-commits] 20210226 [GitHub] [druid] kingnj opened a new issue #10926: Hello, are there any plans to fix the CVE-2017-7657 and CVE-2017-7658 vulnerabilities of Jetty",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/ra6f956ed4ec2855583b2d0c8b4802b450f593d37b77509b48cd5d574%40%3Ccommits.druid.apache.org%3E"
        },
        {
          "name": "[druid-commits] 20210304 [GitHub] [druid] suneet-s commented on issue #10926: Hello, are there any plans to fix the CVE-2017-7657 and CVE-2017-7658 vulnerabilities of Jetty",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r41af10c4adec8d34a969abeb07fd0d6ad0c86768b751464f1cdd23e8%40%3Ccommits.druid.apache.org%3E"
        },
        {
          "name": "[druid-commits] 20210304 [GitHub] [druid] suneet-s closed issue #10926: Hello, are there any plans to fix the CVE-2017-7657 and CVE-2017-7658 vulnerabilities of Jetty",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r9159c9e7ec9eac1613da2dbaddbc15691a13d4dbb2c8be974f42e6ae%40%3Ccommits.druid.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@eclipse.org",
          "ID": "CVE-2017-7657",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Eclipse Jetty",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "9.2.0"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "9.3.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "9.3.24"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "9.4.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "9.4.11"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "The Eclipse Foundation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a smaller chunk size and content sent as chunk body could be interpreted as a pipelined request. If Jetty was deployed behind an intermediary that imposed some authorization and that intermediary allowed arbitrarily large chunks to be passed on unchanged, then this flaw could be used to bypass the authorization imposed by the intermediary as the fake pipelined request would not be interpreted by the intermediary as a request."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-444: Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request Smuggling\u0027)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-4278",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4278"
            },
            {
              "name": "1041194",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1041194"
            },
            {
              "name": "[lucene-solr-user] 20190104 Re: SOLR v7 Security Issues Caused Denial of Use - Sonatype Application Composition Report",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E"
            },
            {
              "name": "RHSA-2019:0910",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:0910"
            },
            {
              "name": "[activemq-issues] 20190820 [jira] [Created] (AMQ-7279) Security Vulnerabilities in Libraries - jackson-databind-2.9.8.jar, tomcat-servlet-api-8.0.53.jar, tomcat-websocket-api-8.0.53.jar, zookeeper-3.4.6.jar, guava-18.0.jar, jetty-all-9.2.26.v20180806.jar, scala-library-2.11.0.jar",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272@%3Cissues.activemq.apache.org%3E"
            },
            {
              "name": "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
            },
            {
              "name": "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20181014-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20181014-0001/"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03953en_us",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03953en_us"
            },
            {
              "name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=535668",
              "refsource": "CONFIRM",
              "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=535668"
            },
            {
              "name": "[druid-commits] 20210226 [GitHub] [druid] kingnj opened a new issue #10926: Hello, are there any plans to fix the CVE-2017-7657 and CVE-2017-7658 vulnerabilities of Jetty",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/ra6f956ed4ec2855583b2d0c8b4802b450f593d37b77509b48cd5d574@%3Ccommits.druid.apache.org%3E"
            },
            {
              "name": "[druid-commits] 20210304 [GitHub] [druid] suneet-s commented on issue #10926: Hello, are there any plans to fix the CVE-2017-7657 and CVE-2017-7658 vulnerabilities of Jetty",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r41af10c4adec8d34a969abeb07fd0d6ad0c86768b751464f1cdd23e8@%3Ccommits.druid.apache.org%3E"
            },
            {
              "name": "[druid-commits] 20210304 [GitHub] [druid] suneet-s closed issue #10926: Hello, are there any plans to fix the CVE-2017-7657 and CVE-2017-7658 vulnerabilities of Jetty",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r9159c9e7ec9eac1613da2dbaddbc15691a13d4dbb2c8be974f42e6ae@%3Ccommits.druid.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
    "assignerShortName": "eclipse",
    "cveId": "CVE-2017-7657",
    "datePublished": "2018-06-26T16:00:00",
    "dateReserved": "2017-04-11T00:00:00",
    "dateUpdated": "2024-08-05T16:12:27.850Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-15098
Vulnerability from cvelistv5
Published
2019-08-16 01:15
Modified
2024-08-05 00:34
Severity ?
Summary
drivers/net/wireless/ath/ath6kl/usb.c in the Linux kernel through 5.2.9 has a NULL pointer dereference via an incomplete address in an endpoint descriptor.
References
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T00:34:53.238Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lore.kernel.org/linux-wireless/20190804002905.11292-1-benquike%40gmail.com/T/#u"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190905-0002/"
          },
          {
            "name": "openSUSE-SU-2019:2173",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html"
          },
          {
            "name": "openSUSE-SU-2019:2181",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html"
          },
          {
            "name": "[oss-security] 20190927 Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/09/27/3"
          },
          {
            "name": "[oss-security] 20190927 Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/09/27/2"
          },
          {
            "name": "[oss-security] 20190927 Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/09/27/1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.f5.com/csp/article/K61214359"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.f5.com/csp/article/K61214359?utm_source=f5support\u0026amp%3Butm_medium=RSS"
          },
          {
            "name": "20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Nov/11"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
          },
          {
            "name": "USN-4185-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4185-1/"
          },
          {
            "name": "USN-4184-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4184-1/"
          },
          {
            "name": "USN-4186-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4186-1/"
          },
          {
            "name": "USN-4186-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4186-2/"
          },
          {
            "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
          },
          {
            "name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "drivers/net/wireless/ath/ath6kl/usb.c in the Linux kernel through 5.2.9 has a NULL pointer dereference via an incomplete address in an endpoint descriptor."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-03-02T19:06:31",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lore.kernel.org/linux-wireless/20190804002905.11292-1-benquike%40gmail.com/T/#u"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20190905-0002/"
        },
        {
          "name": "openSUSE-SU-2019:2173",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html"
        },
        {
          "name": "openSUSE-SU-2019:2181",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html"
        },
        {
          "name": "[oss-security] 20190927 Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/09/27/3"
        },
        {
          "name": "[oss-security] 20190927 Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/09/27/2"
        },
        {
          "name": "[oss-security] 20190927 Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/09/27/1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.f5.com/csp/article/K61214359"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.f5.com/csp/article/K61214359?utm_source=f5support\u0026amp%3Butm_medium=RSS"
        },
        {
          "name": "20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Nov/11"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
        },
        {
          "name": "USN-4185-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4185-1/"
        },
        {
          "name": "USN-4184-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4184-1/"
        },
        {
          "name": "USN-4186-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4186-1/"
        },
        {
          "name": "USN-4186-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4186-2/"
        },
        {
          "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
        },
        {
          "name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-15098",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "drivers/net/wireless/ath/ath6kl/usb.c in the Linux kernel through 5.2.9 has a NULL pointer dereference via an incomplete address in an endpoint descriptor."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://lore.kernel.org/linux-wireless/20190804002905.11292-1-benquike@gmail.com/T/#u",
              "refsource": "MISC",
              "url": "https://lore.kernel.org/linux-wireless/20190804002905.11292-1-benquike@gmail.com/T/#u"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20190905-0002/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20190905-0002/"
            },
            {
              "name": "openSUSE-SU-2019:2173",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html"
            },
            {
              "name": "openSUSE-SU-2019:2181",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html"
            },
            {
              "name": "[oss-security] 20190927 Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/09/27/3"
            },
            {
              "name": "[oss-security] 20190927 Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/09/27/2"
            },
            {
              "name": "[oss-security] 20190927 Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/09/27/1"
            },
            {
              "name": "https://support.f5.com/csp/article/K61214359",
              "refsource": "CONFIRM",
              "url": "https://support.f5.com/csp/article/K61214359"
            },
            {
              "name": "https://support.f5.com/csp/article/K61214359?utm_source=f5support\u0026amp;utm_medium=RSS",
              "refsource": "CONFIRM",
              "url": "https://support.f5.com/csp/article/K61214359?utm_source=f5support\u0026amp;utm_medium=RSS"
            },
            {
              "name": "20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Nov/11"
            },
            {
              "name": "http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
            },
            {
              "name": "USN-4185-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4185-1/"
            },
            {
              "name": "USN-4184-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4184-1/"
            },
            {
              "name": "USN-4186-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4186-1/"
            },
            {
              "name": "USN-4186-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4186-2/"
            },
            {
              "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
            },
            {
              "name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-15098",
    "datePublished": "2019-08-16T01:15:39",
    "dateReserved": "2019-08-15T00:00:00",
    "dateUpdated": "2024-08-05T00:34:53.238Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-4203
Vulnerability from cvelistv5
Published
2022-03-25 00:00
Modified
2024-08-03 17:16
Severity ?
Summary
A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:16:04.262Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2036934"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=2230\u0026can=7\u0026q=modified-after%3Atoday-30\u0026sort=-modified\u0026colspec=ID%20Type%20Status%20Priority%20Milestone%20Owner%20Summary%20Modified%20Cve\u0026cells=tiles\u0026redir=1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=35306eb23814"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lore.kernel.org/netdev/20210929225750.2548112-1-eric.dumazet%40gmail.com/T/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20221111-0003/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "kernel",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "kernel 5.15 rc4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-362",
              "description": "CWE-362-\u003eCWE-416",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-11-14T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2036934"
        },
        {
          "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=2230\u0026can=7\u0026q=modified-after%3Atoday-30\u0026sort=-modified\u0026colspec=ID%20Type%20Status%20Priority%20Milestone%20Owner%20Summary%20Modified%20Cve\u0026cells=tiles\u0026redir=1"
        },
        {
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=35306eb23814"
        },
        {
          "url": "https://lore.kernel.org/netdev/20210929225750.2548112-1-eric.dumazet%40gmail.com/T/"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20221111-0003/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2021-4203",
    "datePublished": "2022-03-25T00:00:00",
    "dateReserved": "2022-01-10T00:00:00",
    "dateUpdated": "2024-08-03T17:16:04.262Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-10347
Vulnerability from cvelistv5
Published
2017-10-19 17:00
Modified
2024-10-04 16:49
Severity ?
Summary
Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
https://access.redhat.com/errata/RHSA-2017:3047vendor-advisory, x_refsource_REDHAT
https://security.gentoo.org/glsa/201711-14vendor-advisory, x_refsource_GENTOO
https://www.debian.org/security/2017/dsa-4015vendor-advisory, x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2017:3267vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:2998vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:3268vendor-advisory, x_refsource_REDHAT
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlx_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2017:3046vendor-advisory, x_refsource_REDHAT
http://www.securitytracker.com/id/1039596vdb-entry, x_refsource_SECTRACK
https://security.gentoo.org/glsa/201710-31vendor-advisory, x_refsource_GENTOO
https://access.redhat.com/errata/RHSA-2017:3264vendor-advisory, x_refsource_REDHAT
https://www.debian.org/security/2017/dsa-4048vendor-advisory, x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2017:3453vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:3392vendor-advisory, x_refsource_REDHAT
https://lists.debian.org/debian-lts-announce/2017/11/msg00033.htmlmailing-list, x_refsource_MLIST
https://security.netapp.com/advisory/ntap-20171019-0001/x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2017:2999vendor-advisory, x_refsource_REDHAT
http://www.securityfocus.com/bid/101382vdb-entry, x_refsource_BID
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T17:41:55.560Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2017:3047",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3047"
          },
          {
            "name": "GLSA-201711-14",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201711-14"
          },
          {
            "name": "DSA-4015",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2017/dsa-4015"
          },
          {
            "name": "RHSA-2017:3267",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3267"
          },
          {
            "name": "RHSA-2017:2998",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2998"
          },
          {
            "name": "RHSA-2017:3268",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3268"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "name": "RHSA-2017:3046",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3046"
          },
          {
            "name": "1039596",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039596"
          },
          {
            "name": "GLSA-201710-31",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201710-31"
          },
          {
            "name": "RHSA-2017:3264",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3264"
          },
          {
            "name": "DSA-4048",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2017/dsa-4048"
          },
          {
            "name": "RHSA-2017:3453",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3453"
          },
          {
            "name": "RHSA-2017:3392",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3392"
          },
          {
            "name": "[debian-lts-announce] 20171123 [SECURITY] [DLA 1187-1] openjdk-7 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20171019-0001/"
          },
          {
            "name": "RHSA-2017:2999",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2999"
          },
          {
            "name": "101382",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/101382"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2017-10347",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-04T15:35:27.359742Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-04T16:49:25.137Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 6u161"
            },
            {
              "status": "affected",
              "version": "7u151"
            },
            {
              "status": "affected",
              "version": "8u144"
            },
            {
              "status": "affected",
              "version": "9; Java SE Embedded: 8u144"
            }
          ]
        }
      ],
      "datePublic": "2017-10-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, JRockit.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, JRockit.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-02-02T10:57:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "RHSA-2017:3047",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3047"
        },
        {
          "name": "GLSA-201711-14",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201711-14"
        },
        {
          "name": "DSA-4015",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2017/dsa-4015"
        },
        {
          "name": "RHSA-2017:3267",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3267"
        },
        {
          "name": "RHSA-2017:2998",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2998"
        },
        {
          "name": "RHSA-2017:3268",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3268"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "name": "RHSA-2017:3046",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3046"
        },
        {
          "name": "1039596",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039596"
        },
        {
          "name": "GLSA-201710-31",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201710-31"
        },
        {
          "name": "RHSA-2017:3264",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3264"
        },
        {
          "name": "DSA-4048",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2017/dsa-4048"
        },
        {
          "name": "RHSA-2017:3453",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3453"
        },
        {
          "name": "RHSA-2017:3392",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3392"
        },
        {
          "name": "[debian-lts-announce] 20171123 [SECURITY] [DLA 1187-1] openjdk-7 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20171019-0001/"
        },
        {
          "name": "RHSA-2017:2999",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2999"
        },
        {
          "name": "101382",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/101382"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2017-10347",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 6u161"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7u151"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8u144"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "9; Java SE Embedded: 8u144"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, JRockit.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, JRockit."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2017:3047",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3047"
            },
            {
              "name": "GLSA-201711-14",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201711-14"
            },
            {
              "name": "DSA-4015",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2017/dsa-4015"
            },
            {
              "name": "RHSA-2017:3267",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3267"
            },
            {
              "name": "RHSA-2017:2998",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2998"
            },
            {
              "name": "RHSA-2017:3268",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3268"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
            },
            {
              "name": "RHSA-2017:3046",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3046"
            },
            {
              "name": "1039596",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039596"
            },
            {
              "name": "GLSA-201710-31",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201710-31"
            },
            {
              "name": "RHSA-2017:3264",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3264"
            },
            {
              "name": "DSA-4048",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2017/dsa-4048"
            },
            {
              "name": "RHSA-2017:3453",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3453"
            },
            {
              "name": "RHSA-2017:3392",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3392"
            },
            {
              "name": "[debian-lts-announce] 20171123 [SECURITY] [DLA 1187-1] openjdk-7 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20171019-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20171019-0001/"
            },
            {
              "name": "RHSA-2017:2999",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2999"
            },
            {
              "name": "101382",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/101382"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2017-10347",
    "datePublished": "2017-10-19T17:00:00",
    "dateReserved": "2017-06-21T00:00:00",
    "dateUpdated": "2024-10-04T16:49:25.137Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-17498
Vulnerability from cvelistv5
Published
2019-10-21 00:00
Modified
2024-08-05 01:40
Severity ?
Summary
In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T01:40:15.913Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/libssh2/libssh2/blob/42d37aa63129a1b2644bf6495198923534322d64/src/packet.c#L480"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://blog.semmle.com/libssh2-integer-overflow-CVE-2019-17498/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/kevinbackhouse/SecurityExploits/tree/8cbdbbe6363510f7d9ceec685373da12e6fc752d/libssh2/out_of_bounds_read_disconnect_CVE-2019-17498"
          },
          {
            "name": "FEDORA-2019-91529f19e4",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TY7EEE34RFKCTXTMBQQWWSLXZWSCXNDB/"
          },
          {
            "name": "openSUSE-SU-2019:2483",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00026.html"
          },
          {
            "name": "[debian-lts-announce] 20191113 [SECURITY] [DLA 1991-1] libssh2 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00010.html"
          },
          {
            "name": "FEDORA-2019-ec04c34768",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/22H4Q5XMGS3QNSA7OCL3U7UQZ4NXMR5O/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/libssh2/libssh2/commit/dedcbd106f8e52d5586b0205bc7677e4c9868f9c"
          },
          {
            "name": "[debian-lts-announce] 20211217 [SECURITY] [DLA 2848-1] libssh2 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00013.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220909-0004/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/172835/libssh2-1.9.0-Out-Of-Bounds-Read.html"
          },
          {
            "name": "[debian-lts-announce] 20230908 [SECURITY] [DLA 3559-1] libssh2 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00006.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-08T13:06:20.499920",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://github.com/libssh2/libssh2/blob/42d37aa63129a1b2644bf6495198923534322d64/src/packet.c#L480"
        },
        {
          "url": "https://blog.semmle.com/libssh2-integer-overflow-CVE-2019-17498/"
        },
        {
          "url": "https://github.com/kevinbackhouse/SecurityExploits/tree/8cbdbbe6363510f7d9ceec685373da12e6fc752d/libssh2/out_of_bounds_read_disconnect_CVE-2019-17498"
        },
        {
          "name": "FEDORA-2019-91529f19e4",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TY7EEE34RFKCTXTMBQQWWSLXZWSCXNDB/"
        },
        {
          "name": "openSUSE-SU-2019:2483",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00026.html"
        },
        {
          "name": "[debian-lts-announce] 20191113 [SECURITY] [DLA 1991-1] libssh2 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00010.html"
        },
        {
          "name": "FEDORA-2019-ec04c34768",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/22H4Q5XMGS3QNSA7OCL3U7UQZ4NXMR5O/"
        },
        {
          "url": "https://github.com/libssh2/libssh2/commit/dedcbd106f8e52d5586b0205bc7677e4c9868f9c"
        },
        {
          "name": "[debian-lts-announce] 20211217 [SECURITY] [DLA 2848-1] libssh2 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00013.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20220909-0004/"
        },
        {
          "url": "http://packetstormsecurity.com/files/172835/libssh2-1.9.0-Out-Of-Bounds-Read.html"
        },
        {
          "name": "[debian-lts-announce] 20230908 [SECURITY] [DLA 3559-1] libssh2 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00006.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-17498",
    "datePublished": "2019-10-21T00:00:00",
    "dateReserved": "2019-10-11T00:00:00",
    "dateUpdated": "2024-08-05T01:40:15.913Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-10243
Vulnerability from cvelistv5
Published
2017-08-08 15:00
Modified
2024-10-04 17:05
Severity ?
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAX-WS). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L).
References
https://access.redhat.com/errata/RHSA-2017:1791vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:1790vendor-advisory, x_refsource_REDHAT
https://security.netapp.com/advisory/ntap-20170720-0001/x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2017:1789vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:2424vendor-advisory, x_refsource_REDHAT
http://www.securitytracker.com/id/1038931vdb-entry, x_refsource_SECTRACK
https://access.redhat.com/errata/RHSA-2017:1792vendor-advisory, x_refsource_REDHAT
https://security.gentoo.org/glsa/201709-22vendor-advisory, x_refsource_GENTOO
http://www.securityfocus.com/bid/99827vdb-entry, x_refsource_BID
https://access.redhat.com/errata/RHSA-2017:2481vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:2530vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:3453vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:2469vendor-advisory, x_refsource_REDHAT
http://www.debian.org/security/2017/dsa-3954vendor-advisory, x_refsource_DEBIAN
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlx_refsource_CONFIRM
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T17:33:16.924Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2017:1791",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1791"
          },
          {
            "name": "RHSA-2017:1790",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1790"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
          },
          {
            "name": "RHSA-2017:1789",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1789"
          },
          {
            "name": "RHSA-2017:2424",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2424"
          },
          {
            "name": "1038931",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038931"
          },
          {
            "name": "RHSA-2017:1792",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1792"
          },
          {
            "name": "GLSA-201709-22",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201709-22"
          },
          {
            "name": "99827",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/99827"
          },
          {
            "name": "RHSA-2017:2481",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2481"
          },
          {
            "name": "RHSA-2017:2530",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2530"
          },
          {
            "name": "RHSA-2017:3453",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3453"
          },
          {
            "name": "RHSA-2017:2469",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2469"
          },
          {
            "name": "DSA-3954",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3954"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2017-10243",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-04T15:36:17.006654Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-04T17:05:27.231Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 6u151"
            },
            {
              "status": "affected",
              "version": "7u141"
            },
            {
              "status": "affected",
              "version": "8u131; Java SE Embedded: 8u131; JRockit: R28.3.14"
            }
          ]
        }
      ],
      "datePublic": "2017-07-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAX-WS). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "RHSA-2017:1791",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1791"
        },
        {
          "name": "RHSA-2017:1790",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1790"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
        },
        {
          "name": "RHSA-2017:1789",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1789"
        },
        {
          "name": "RHSA-2017:2424",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2424"
        },
        {
          "name": "1038931",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038931"
        },
        {
          "name": "RHSA-2017:1792",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1792"
        },
        {
          "name": "GLSA-201709-22",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201709-22"
        },
        {
          "name": "99827",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/99827"
        },
        {
          "name": "RHSA-2017:2481",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2481"
        },
        {
          "name": "RHSA-2017:2530",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2530"
        },
        {
          "name": "RHSA-2017:3453",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3453"
        },
        {
          "name": "RHSA-2017:2469",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2469"
        },
        {
          "name": "DSA-3954",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3954"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2017-10243",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 6u151"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7u141"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8u131; Java SE Embedded: 8u131; JRockit: R28.3.14"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAX-WS). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2017:1791",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1791"
            },
            {
              "name": "RHSA-2017:1790",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1790"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20170720-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
            },
            {
              "name": "RHSA-2017:1789",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1789"
            },
            {
              "name": "RHSA-2017:2424",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2424"
            },
            {
              "name": "1038931",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038931"
            },
            {
              "name": "RHSA-2017:1792",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1792"
            },
            {
              "name": "GLSA-201709-22",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201709-22"
            },
            {
              "name": "99827",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/99827"
            },
            {
              "name": "RHSA-2017:2481",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2481"
            },
            {
              "name": "RHSA-2017:2530",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2530"
            },
            {
              "name": "RHSA-2017:3453",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3453"
            },
            {
              "name": "RHSA-2017:2469",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2469"
            },
            {
              "name": "DSA-3954",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3954"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2017-10243",
    "datePublished": "2017-08-08T15:00:00",
    "dateReserved": "2017-06-21T00:00:00",
    "dateUpdated": "2024-10-04T17:05:27.231Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-16888
Vulnerability from cvelistv5
Published
2019-01-14 22:00
Modified
2024-08-05 10:39
Summary
It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. Versions before v237 are vulnerable.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T10:39:58.066Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190307-0007/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16888"
          },
          {
            "name": "RHSA-2019:2091",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2091"
          },
          {
            "name": "[cassandra-user] 20190809 cassandra does not start with new systemd version",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/5960a34a524848cd722fd7ab7e2227eac10107b0f90d9d1e9c3caa74%40%3Cuser.cassandra.apache.org%3E"
          },
          {
            "name": "USN-4269-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4269-1/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "systemd",
          "vendor": "The systemd Project",
          "versions": [
            {
              "status": "affected",
              "version": "v237"
            }
          ]
        }
      ],
      "datePublic": "2017-08-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. Versions before v237 are vulnerable."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-250",
              "description": "CWE-250",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-02-14T01:06:08",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20190307-0007/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16888"
        },
        {
          "name": "RHSA-2019:2091",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2091"
        },
        {
          "name": "[cassandra-user] 20190809 cassandra does not start with new systemd version",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/5960a34a524848cd722fd7ab7e2227eac10107b0f90d9d1e9c3caa74%40%3Cuser.cassandra.apache.org%3E"
        },
        {
          "name": "USN-4269-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4269-1/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2018-16888",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "systemd",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "v237"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "The systemd Project"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. Versions before v237 are vulnerable."
            }
          ]
        },
        "impact": {
          "cvss": [
            [
              {
                "vectorString": "4.4/CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ]
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-250"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://security.netapp.com/advisory/ntap-20190307-0007/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20190307-0007/"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16888",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16888"
            },
            {
              "name": "RHSA-2019:2091",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2091"
            },
            {
              "name": "[cassandra-user] 20190809 cassandra does not start with new systemd version",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/5960a34a524848cd722fd7ab7e2227eac10107b0f90d9d1e9c3caa74@%3Cuser.cassandra.apache.org%3E"
            },
            {
              "name": "USN-4269-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4269-1/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2018-16888",
    "datePublished": "2019-01-14T22:00:00",
    "dateReserved": "2018-09-11T00:00:00",
    "dateUpdated": "2024-08-05T10:39:58.066Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-10086
Vulnerability from cvelistv5
Published
2017-08-08 15:00
Modified
2024-10-04 19:05
Severity ?
Summary
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE: 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).
References
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T17:25:00.967Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "99662",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/99662"
          },
          {
            "name": "RHSA-2017:1791",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1791"
          },
          {
            "name": "RHSA-2017:1790",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1790"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
          },
          {
            "name": "DSA-4005",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-4005"
          },
          {
            "name": "1038931",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038931"
          },
          {
            "name": "GLSA-201709-22",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201709-22"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2017-10086",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-04T15:39:48.355796Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-04T19:05:48.487Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 7u141"
            },
            {
              "status": "affected",
              "version": "8u131"
            }
          ]
        }
      ],
      "datePublic": "2017-07-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE: 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "99662",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/99662"
        },
        {
          "name": "RHSA-2017:1791",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1791"
        },
        {
          "name": "RHSA-2017:1790",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1790"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
        },
        {
          "name": "DSA-4005",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-4005"
        },
        {
          "name": "1038931",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038931"
        },
        {
          "name": "GLSA-201709-22",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201709-22"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2017-10086",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 7u141"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8u131"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE: 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "99662",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/99662"
            },
            {
              "name": "RHSA-2017:1791",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1791"
            },
            {
              "name": "RHSA-2017:1790",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1790"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20170720-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
            },
            {
              "name": "DSA-4005",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-4005"
            },
            {
              "name": "1038931",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038931"
            },
            {
              "name": "GLSA-201709-22",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201709-22"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2017-10086",
    "datePublished": "2017-08-08T15:00:00",
    "dateReserved": "2017-06-21T00:00:00",
    "dateUpdated": "2024-10-04T19:05:48.487Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-32205
Vulnerability from cvelistv5
Published
2022-07-07 00:00
Modified
2024-08-03 07:32
Severity ?
Summary
A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl < 7.84.0 stores all of them. A sufficiently large amount of (big) cookies make subsequent HTTP requests to this, or other servers to which the cookies match, create requests that become larger than the threshold that curl uses internally to avoid sending crazy large requests (1048576 bytes) and instead returns an error.This denial state might remain for as long as the same cookies are kept, match and haven't expired. Due to cookie matching rules, a server on `foo.example.com` can set cookies that also would match for `bar.example.com`, making it it possible for a "sister server" to effectively cause a denial of service for a sibling site on the same second level domain using this method.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T07:32:56.071Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://hackerone.com/reports/1569946"
          },
          {
            "name": "FEDORA-2022-1b3d7f6973",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/"
          },
          {
            "name": "DSA-5197",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5197"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220915-0003/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT213488"
          },
          {
            "name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2022/Oct/41"
          },
          {
            "name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2022/Oct/28"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf"
          },
          {
            "name": "GLSA-202212-01",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202212-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "https://github.com/curl/curl",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Fixed in 7.84.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl \u003c 7.84.0 stores all of them. A sufficiently large amount of (big) cookies make subsequent HTTP requests to this, or other servers to which the cookies match, create requests that become larger than the threshold that curl uses internally to avoid sending crazy large requests (1048576 bytes) and instead returns an error.This denial state might remain for as long as the same cookies are kept, match and haven\u0027t expired. Due to cookie matching rules, a server on `foo.example.com` can set cookies that also would match for `bar.example.com`, making it it possible for a \"sister server\" to effectively cause a denial of service for a sibling site on the same second level domain using this method."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-770",
              "description": "Allocation of Resources Without Limits or Throttling (CWE-770)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-19T00:00:00",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "url": "https://hackerone.com/reports/1569946"
        },
        {
          "name": "FEDORA-2022-1b3d7f6973",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/"
        },
        {
          "name": "DSA-5197",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5197"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20220915-0003/"
        },
        {
          "url": "https://support.apple.com/kb/HT213488"
        },
        {
          "name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2022/Oct/41"
        },
        {
          "name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2022/Oct/28"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf"
        },
        {
          "name": "GLSA-202212-01",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202212-01"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2022-32205",
    "datePublished": "2022-07-07T00:00:00",
    "dateReserved": "2022-06-01T00:00:00",
    "dateUpdated": "2024-08-03T07:32:56.071Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-10118
Vulnerability from cvelistv5
Published
2017-08-08 15:00
Modified
2024-10-04 19:02
Severity ?
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T17:33:16.501Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2017:1791",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1791"
          },
          {
            "name": "RHSA-2017:1790",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1790"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert.vde.com/en-us/advisories/vde-2017-002"
          },
          {
            "name": "1038931",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038931"
          },
          {
            "name": "GLSA-201709-22",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201709-22"
          },
          {
            "name": "99782",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/99782"
          },
          {
            "name": "DSA-3919",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3919"
          },
          {
            "name": "DSA-3954",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3954"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2017-10118",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-04T15:36:46.566924Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-04T19:02:07.941Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 7u141"
            },
            {
              "status": "affected",
              "version": "8u131; Java SE Embedded: 8u131; JRockit: R28.3.14"
            }
          ]
        }
      ],
      "datePublic": "2017-07-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit.  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-05-16T13:57:02",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "RHSA-2017:1791",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1791"
        },
        {
          "name": "RHSA-2017:1790",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1790"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert.vde.com/en-us/advisories/vde-2017-002"
        },
        {
          "name": "1038931",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038931"
        },
        {
          "name": "GLSA-201709-22",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201709-22"
        },
        {
          "name": "99782",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/99782"
        },
        {
          "name": "DSA-3919",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3919"
        },
        {
          "name": "DSA-3954",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3954"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2017-10118",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 7u141"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8u131; Java SE Embedded: 8u131; JRockit: R28.3.14"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit.  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2017:1791",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1791"
            },
            {
              "name": "RHSA-2017:1790",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1790"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20170720-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
            },
            {
              "name": "https://cert.vde.com/en-us/advisories/vde-2017-002",
              "refsource": "CONFIRM",
              "url": "https://cert.vde.com/en-us/advisories/vde-2017-002"
            },
            {
              "name": "1038931",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038931"
            },
            {
              "name": "GLSA-201709-22",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201709-22"
            },
            {
              "name": "99782",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/99782"
            },
            {
              "name": "DSA-3919",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3919"
            },
            {
              "name": "DSA-3954",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3954"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2017-10118",
    "datePublished": "2017-08-08T15:00:00",
    "dateReserved": "2017-06-21T00:00:00",
    "dateUpdated": "2024-10-04T19:02:07.941Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-11884
Vulnerability from cvelistv5
Published
2020-04-29 12:07
Modified
2024-08-04 11:42
Severity ?
Summary
In the Linux kernel 4.19 through 5.6.7 on the s390 platform, code execution may occur because of a race condition, as demonstrated by code in enable_sacf_uaccess in arch/s390/lib/uaccess.c that fails to protect against a concurrent page table upgrade, aka CID-3f777e19d171. A crash could also occur.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:42:00.533Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3f777e19d171670ab558a6d5e6b1ac7f9b6c574f"
          },
          {
            "name": "DSA-4667",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4667"
          },
          {
            "name": "USN-4343-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4343-1/"
          },
          {
            "name": "FEDORA-2020-64d46a6e29",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKVJMS4GQRH5SO35WM5GINCFAGXQ3ZW6/"
          },
          {
            "name": "FEDORA-2020-16f9239805",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AQUVKC3IPUC5B374VVAZV4J5P3GAUGSW/"
          },
          {
            "name": "FEDORA-2020-b453269c4e",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3TZBP2HINNAX7HKHCOUMIFVQPV6GWMCZ/"
          },
          {
            "name": "USN-4345-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4345-1/"
          },
          {
            "name": "USN-4342-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4342-1/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=215d1f3928713d6eaec67244bcda72105b898000"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel 4.19 through 5.6.7 on the s390 platform, code execution may occur because of a race condition, as demonstrated by code in enable_sacf_uaccess in arch/s390/lib/uaccess.c that fails to protect against a concurrent page table upgrade, aka CID-3f777e19d171. A crash could also occur."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-04T22:00:23",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3f777e19d171670ab558a6d5e6b1ac7f9b6c574f"
        },
        {
          "name": "DSA-4667",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4667"
        },
        {
          "name": "USN-4343-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4343-1/"
        },
        {
          "name": "FEDORA-2020-64d46a6e29",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKVJMS4GQRH5SO35WM5GINCFAGXQ3ZW6/"
        },
        {
          "name": "FEDORA-2020-16f9239805",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AQUVKC3IPUC5B374VVAZV4J5P3GAUGSW/"
        },
        {
          "name": "FEDORA-2020-b453269c4e",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3TZBP2HINNAX7HKHCOUMIFVQPV6GWMCZ/"
        },
        {
          "name": "USN-4345-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4345-1/"
        },
        {
          "name": "USN-4342-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4342-1/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=215d1f3928713d6eaec67244bcda72105b898000"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-11884",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In the Linux kernel 4.19 through 5.6.7 on the s390 platform, code execution may occur because of a race condition, as demonstrated by code in enable_sacf_uaccess in arch/s390/lib/uaccess.c that fails to protect against a concurrent page table upgrade, aka CID-3f777e19d171. A crash could also occur."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3f777e19d171670ab558a6d5e6b1ac7f9b6c574f",
              "refsource": "CONFIRM",
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3f777e19d171670ab558a6d5e6b1ac7f9b6c574f"
            },
            {
              "name": "DSA-4667",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4667"
            },
            {
              "name": "USN-4343-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4343-1/"
            },
            {
              "name": "FEDORA-2020-64d46a6e29",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKVJMS4GQRH5SO35WM5GINCFAGXQ3ZW6/"
            },
            {
              "name": "FEDORA-2020-16f9239805",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AQUVKC3IPUC5B374VVAZV4J5P3GAUGSW/"
            },
            {
              "name": "FEDORA-2020-b453269c4e",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3TZBP2HINNAX7HKHCOUMIFVQPV6GWMCZ/"
            },
            {
              "name": "USN-4345-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4345-1/"
            },
            {
              "name": "USN-4342-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4342-1/"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200608-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
            },
            {
              "name": "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=215d1f3928713d6eaec67244bcda72105b898000",
              "refsource": "MISC",
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=215d1f3928713d6eaec67244bcda72105b898000"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-11884",
    "datePublished": "2020-04-29T12:07:37",
    "dateReserved": "2020-04-17T00:00:00",
    "dateUpdated": "2024-08-04T11:42:00.533Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-10295
Vulnerability from cvelistv5
Published
2017-10-19 17:00
Modified
2024-10-04 16:54
Severity ?
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.0 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N).
References
https://access.redhat.com/errata/RHSA-2017:3047vendor-advisory, x_refsource_REDHAT
https://security.gentoo.org/glsa/201711-14vendor-advisory, x_refsource_GENTOO
https://www.debian.org/security/2017/dsa-4015vendor-advisory, x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2017:3267vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:2998vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:3268vendor-advisory, x_refsource_REDHAT
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlx_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2017:3046vendor-advisory, x_refsource_REDHAT
http://www.securitytracker.com/id/1039596vdb-entry, x_refsource_SECTRACK
https://security.gentoo.org/glsa/201710-31vendor-advisory, x_refsource_GENTOO
http://www.securityfocus.com/bid/101384vdb-entry, x_refsource_BID
https://access.redhat.com/errata/RHSA-2017:3264vendor-advisory, x_refsource_REDHAT
https://www.debian.org/security/2017/dsa-4048vendor-advisory, x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2017:3453vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:3392vendor-advisory, x_refsource_REDHAT
https://lists.debian.org/debian-lts-announce/2017/11/msg00033.htmlmailing-list, x_refsource_MLIST
https://security.netapp.com/advisory/ntap-20171019-0001/x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2017:2999vendor-advisory, x_refsource_REDHAT
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T17:33:16.918Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2017:3047",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3047"
          },
          {
            "name": "GLSA-201711-14",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201711-14"
          },
          {
            "name": "DSA-4015",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2017/dsa-4015"
          },
          {
            "name": "RHSA-2017:3267",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3267"
          },
          {
            "name": "RHSA-2017:2998",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2998"
          },
          {
            "name": "RHSA-2017:3268",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3268"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "name": "RHSA-2017:3046",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3046"
          },
          {
            "name": "1039596",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039596"
          },
          {
            "name": "GLSA-201710-31",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201710-31"
          },
          {
            "name": "101384",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/101384"
          },
          {
            "name": "RHSA-2017:3264",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3264"
          },
          {
            "name": "DSA-4048",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2017/dsa-4048"
          },
          {
            "name": "RHSA-2017:3453",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3453"
          },
          {
            "name": "RHSA-2017:3392",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3392"
          },
          {
            "name": "[debian-lts-announce] 20171123 [SECURITY] [DLA 1187-1] openjdk-7 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20171019-0001/"
          },
          {
            "name": "RHSA-2017:2999",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2999"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2017-10295",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-04T15:45:32.040874Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-04T16:54:34.588Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 6u161"
            },
            {
              "status": "affected",
              "version": "7u151"
            },
            {
              "status": "affected",
              "version": "8u144"
            },
            {
              "status": "affected",
              "version": "9; Java SE Embedded: 8u144; JRockit: R28.3.15"
            }
          ]
        }
      ],
      "datePublic": "2017-10-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.0 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Java SE, Java SE Embedded, JRockit.  While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-02-02T10:57:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "RHSA-2017:3047",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3047"
        },
        {
          "name": "GLSA-201711-14",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201711-14"
        },
        {
          "name": "DSA-4015",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2017/dsa-4015"
        },
        {
          "name": "RHSA-2017:3267",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3267"
        },
        {
          "name": "RHSA-2017:2998",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2998"
        },
        {
          "name": "RHSA-2017:3268",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3268"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "name": "RHSA-2017:3046",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3046"
        },
        {
          "name": "1039596",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039596"
        },
        {
          "name": "GLSA-201710-31",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201710-31"
        },
        {
          "name": "101384",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/101384"
        },
        {
          "name": "RHSA-2017:3264",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3264"
        },
        {
          "name": "DSA-4048",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2017/dsa-4048"
        },
        {
          "name": "RHSA-2017:3453",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3453"
        },
        {
          "name": "RHSA-2017:3392",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3392"
        },
        {
          "name": "[debian-lts-announce] 20171123 [SECURITY] [DLA 1187-1] openjdk-7 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20171019-0001/"
        },
        {
          "name": "RHSA-2017:2999",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2999"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2017-10295",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 6u161"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7u151"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8u144"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "9; Java SE Embedded: 8u144; JRockit: R28.3.15"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.0 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Java SE, Java SE Embedded, JRockit.  While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2017:3047",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3047"
            },
            {
              "name": "GLSA-201711-14",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201711-14"
            },
            {
              "name": "DSA-4015",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2017/dsa-4015"
            },
            {
              "name": "RHSA-2017:3267",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3267"
            },
            {
              "name": "RHSA-2017:2998",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2998"
            },
            {
              "name": "RHSA-2017:3268",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3268"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
            },
            {
              "name": "RHSA-2017:3046",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3046"
            },
            {
              "name": "1039596",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039596"
            },
            {
              "name": "GLSA-201710-31",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201710-31"
            },
            {
              "name": "101384",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/101384"
            },
            {
              "name": "RHSA-2017:3264",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3264"
            },
            {
              "name": "DSA-4048",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2017/dsa-4048"
            },
            {
              "name": "RHSA-2017:3453",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3453"
            },
            {
              "name": "RHSA-2017:3392",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3392"
            },
            {
              "name": "[debian-lts-announce] 20171123 [SECURITY] [DLA 1187-1] openjdk-7 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20171019-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20171019-0001/"
            },
            {
              "name": "RHSA-2017:2999",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2999"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2017-10295",
    "datePublished": "2017-10-19T17:00:00",
    "dateReserved": "2017-06-21T00:00:00",
    "dateUpdated": "2024-10-04T16:54:34.588Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-18683
Vulnerability from cvelistv5
Published
2019-11-04 15:36
Modified
2024-08-05 02:02
Severity ?
Summary
An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem). These issues are caused by wrong mutex locking in vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(), sdr_cap_stop_streaming(), and the corresponding kthreads. At least one of these race conditions leads to a use-after-free.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T02:02:38.287Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.openwall.com/lists/oss-security/2019/11/02/1"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lore.kernel.org/lkml/20191103221719.27118-1-alex.popov%40linux.com/"
          },
          {
            "name": "[oss-security] 20191105 Re: [ Linux kernel ] Exploitable bugs in drivers/media/platform/vivid",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/11/05/1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20191205-0001/"
          },
          {
            "name": "openSUSE-SU-2019:2675",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html"
          },
          {
            "name": "20200109 [slackware-security] Slackware 14.2 kernel (SSA:2020-008-01)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2020/Jan/10"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
          },
          {
            "name": "USN-4254-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4254-1/"
          },
          {
            "name": "USN-4254-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4254-2/"
          },
          {
            "name": "USN-4258-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4258-1/"
          },
          {
            "name": "USN-4287-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4287-1/"
          },
          {
            "name": "USN-4287-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4287-2/"
          },
          {
            "name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
          },
          {
            "name": "USN-4284-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4284-1/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem). These issues are caused by wrong mutex locking in vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(), sdr_cap_stop_streaming(), and the corresponding kthreads. At least one of these race conditions leads to a use-after-free."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-03-02T20:06:24",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.openwall.com/lists/oss-security/2019/11/02/1"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lore.kernel.org/lkml/20191103221719.27118-1-alex.popov%40linux.com/"
        },
        {
          "name": "[oss-security] 20191105 Re: [ Linux kernel ] Exploitable bugs in drivers/media/platform/vivid",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/11/05/1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20191205-0001/"
        },
        {
          "name": "openSUSE-SU-2019:2675",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html"
        },
        {
          "name": "20200109 [slackware-security] Slackware 14.2 kernel (SSA:2020-008-01)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2020/Jan/10"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
        },
        {
          "name": "USN-4254-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4254-1/"
        },
        {
          "name": "USN-4254-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4254-2/"
        },
        {
          "name": "USN-4258-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4258-1/"
        },
        {
          "name": "USN-4287-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4287-1/"
        },
        {
          "name": "USN-4287-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4287-2/"
        },
        {
          "name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
        },
        {
          "name": "USN-4284-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4284-1/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-18683",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem). These issues are caused by wrong mutex locking in vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(), sdr_cap_stop_streaming(), and the corresponding kthreads. At least one of these race conditions leads to a use-after-free."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.openwall.com/lists/oss-security/2019/11/02/1",
              "refsource": "MISC",
              "url": "https://www.openwall.com/lists/oss-security/2019/11/02/1"
            },
            {
              "name": "https://lore.kernel.org/lkml/20191103221719.27118-1-alex.popov@linux.com/",
              "refsource": "MISC",
              "url": "https://lore.kernel.org/lkml/20191103221719.27118-1-alex.popov@linux.com/"
            },
            {
              "name": "[oss-security] 20191105 Re: [ Linux kernel ] Exploitable bugs in drivers/media/platform/vivid",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/11/05/1"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20191205-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20191205-0001/"
            },
            {
              "name": "openSUSE-SU-2019:2675",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html"
            },
            {
              "name": "20200109 [slackware-security] Slackware 14.2 kernel (SSA:2020-008-01)",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2020/Jan/10"
            },
            {
              "name": "http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
            },
            {
              "name": "USN-4254-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4254-1/"
            },
            {
              "name": "USN-4254-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4254-2/"
            },
            {
              "name": "USN-4258-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4258-1/"
            },
            {
              "name": "USN-4287-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4287-1/"
            },
            {
              "name": "USN-4287-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4287-2/"
            },
            {
              "name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
            },
            {
              "name": "USN-4284-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4284-1/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-18683",
    "datePublished": "2019-11-04T15:36:14",
    "dateReserved": "2019-11-04T00:00:00",
    "dateUpdated": "2024-08-05T02:02:38.287Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-10108
Vulnerability from cvelistv5
Published
2017-08-08 15:00
Modified
2024-10-04 19:03
Severity ?
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
https://access.redhat.com/errata/RHSA-2017:1791vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:1790vendor-advisory, x_refsource_REDHAT
https://security.netapp.com/advisory/ntap-20170720-0001/x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2017:1789vendor-advisory, x_refsource_REDHAT
https://cert.vde.com/en-us/advisories/vde-2017-002x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2017:2424vendor-advisory, x_refsource_REDHAT
http://www.securitytracker.com/id/1038931vdb-entry, x_refsource_SECTRACK
https://access.redhat.com/errata/RHSA-2017:1792vendor-advisory, x_refsource_REDHAT
https://security.gentoo.org/glsa/201709-22vendor-advisory, x_refsource_GENTOO
http://www.debian.org/security/2017/dsa-3919vendor-advisory, x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2017:2481vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:2530vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:3453vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:2469vendor-advisory, x_refsource_REDHAT
http://www.debian.org/security/2017/dsa-3954vendor-advisory, x_refsource_DEBIAN
http://www.securityfocus.com/bid/99846vdb-entry, x_refsource_BID
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlx_refsource_CONFIRM
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T17:33:16.080Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2017:1791",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1791"
          },
          {
            "name": "RHSA-2017:1790",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1790"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
          },
          {
            "name": "RHSA-2017:1789",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1789"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert.vde.com/en-us/advisories/vde-2017-002"
          },
          {
            "name": "RHSA-2017:2424",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2424"
          },
          {
            "name": "1038931",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038931"
          },
          {
            "name": "RHSA-2017:1792",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1792"
          },
          {
            "name": "GLSA-201709-22",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201709-22"
          },
          {
            "name": "DSA-3919",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3919"
          },
          {
            "name": "RHSA-2017:2481",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2481"
          },
          {
            "name": "RHSA-2017:2530",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2530"
          },
          {
            "name": "RHSA-2017:3453",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3453"
          },
          {
            "name": "RHSA-2017:2469",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2469"
          },
          {
            "name": "DSA-3954",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3954"
          },
          {
            "name": "99846",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/99846"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2017-10108",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-04T15:36:50.295752Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-04T19:03:24.833Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 6u151"
            },
            {
              "status": "affected",
              "version": "7u141"
            },
            {
              "status": "affected",
              "version": "8u131; Java SE Embedded: 8u131; JRockit: R28.3.14"
            }
          ]
        }
      ],
      "datePublic": "2017-07-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-05-16T13:57:02",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "RHSA-2017:1791",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1791"
        },
        {
          "name": "RHSA-2017:1790",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1790"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
        },
        {
          "name": "RHSA-2017:1789",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1789"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert.vde.com/en-us/advisories/vde-2017-002"
        },
        {
          "name": "RHSA-2017:2424",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2424"
        },
        {
          "name": "1038931",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038931"
        },
        {
          "name": "RHSA-2017:1792",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1792"
        },
        {
          "name": "GLSA-201709-22",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201709-22"
        },
        {
          "name": "DSA-3919",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3919"
        },
        {
          "name": "RHSA-2017:2481",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2481"
        },
        {
          "name": "RHSA-2017:2530",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2530"
        },
        {
          "name": "RHSA-2017:3453",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3453"
        },
        {
          "name": "RHSA-2017:2469",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2469"
        },
        {
          "name": "DSA-3954",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3954"
        },
        {
          "name": "99846",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/99846"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2017-10108",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 6u151"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7u141"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8u131; Java SE Embedded: 8u131; JRockit: R28.3.14"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2017:1791",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1791"
            },
            {
              "name": "RHSA-2017:1790",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1790"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20170720-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
            },
            {
              "name": "RHSA-2017:1789",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1789"
            },
            {
              "name": "https://cert.vde.com/en-us/advisories/vde-2017-002",
              "refsource": "CONFIRM",
              "url": "https://cert.vde.com/en-us/advisories/vde-2017-002"
            },
            {
              "name": "RHSA-2017:2424",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2424"
            },
            {
              "name": "1038931",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038931"
            },
            {
              "name": "RHSA-2017:1792",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1792"
            },
            {
              "name": "GLSA-201709-22",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201709-22"
            },
            {
              "name": "DSA-3919",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3919"
            },
            {
              "name": "RHSA-2017:2481",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2481"
            },
            {
              "name": "RHSA-2017:2530",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2530"
            },
            {
              "name": "RHSA-2017:3453",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3453"
            },
            {
              "name": "RHSA-2017:2469",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2469"
            },
            {
              "name": "DSA-3954",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3954"
            },
            {
              "name": "99846",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/99846"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2017-10108",
    "datePublished": "2017-08-08T15:00:00",
    "dateReserved": "2017-06-21T00:00:00",
    "dateUpdated": "2024-10-04T19:03:24.833Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-3136
Vulnerability from cvelistv5
Published
2019-01-16 20:00
Modified
2024-09-17 00:51
Summary
A query with a specific set of characteristics could cause a server using DNS64 to encounter an assertion failure and terminate. An attacker could deliberately construct a query, enabling denial-of-service against a server if it was configured to use the DNS64 feature and other preconditions were met. Affects BIND 9.8.0 -> 9.8.8-P1, 9.9.0 -> 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.0 -> 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0 -> 9.11.0-P3, 9.11.1b1->9.11.1rc1, 9.9.3-S1 -> 9.9.9-S8.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:16:28.169Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2017:1095",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1095"
          },
          {
            "name": "GLSA-201708-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201708-01"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20180802-0002/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03747en_us"
          },
          {
            "name": "DSA-3854",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2017/dsa-3854"
          },
          {
            "name": "1038259",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038259"
          },
          {
            "name": "97653",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/97653"
          },
          {
            "name": "RHSA-2017:1105",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1105"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.isc.org/docs/aa-01465"
          },
          {
            "name": "openSUSE-SU-2020:1699",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html"
          },
          {
            "name": "openSUSE-SU-2020:1701",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "BIND 9",
          "vendor": "ISC",
          "versions": [
            {
              "status": "affected",
              "version": "9.8.0 -\u003e 9.8.8-P1, 9.9.0 -\u003e 9.9.9-P6, 9.9.10b1-\u003e9.9.10rc1, 9.10.0 -\u003e 9.10.4-P6, 9.10.5b1-\u003e9.10.5rc1, 9.11.0 -\u003e 9.11.0-P3, 9.11.1b1-\u003e9.11.1rc1, 9.9.3-S1 -\u003e 9.9.9-S8"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "ISC would like to thank Oleg Gorokhov of Yandex for making us aware of this vulnerability."
        }
      ],
      "datePublic": "2017-03-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A query with a specific set of characteristics could cause a server using DNS64 to encounter an assertion failure and terminate. An attacker could deliberately construct a query, enabling denial-of-service against a server if it was configured to use the DNS64 feature and other preconditions were met. Affects BIND 9.8.0 -\u003e 9.8.8-P1, 9.9.0 -\u003e 9.9.9-P6, 9.9.10b1-\u003e9.9.10rc1, 9.10.0 -\u003e 9.10.4-P6, 9.10.5b1-\u003e9.10.5rc1, 9.11.0 -\u003e 9.11.0-P3, 9.11.1b1-\u003e9.11.1rc1, 9.9.3-S1 -\u003e 9.9.9-S8."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Servers are at risk if they are configured to use DNS64 and if the option \"break-dnssec yes;\" is in use.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-20T11:06:37",
        "orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
        "shortName": "isc"
      },
      "references": [
        {
          "name": "RHSA-2017:1095",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1095"
        },
        {
          "name": "GLSA-201708-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201708-01"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20180802-0002/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03747en_us"
        },
        {
          "name": "DSA-3854",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2017/dsa-3854"
        },
        {
          "name": "1038259",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038259"
        },
        {
          "name": "97653",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/97653"
        },
        {
          "name": "RHSA-2017:1105",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1105"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.isc.org/docs/aa-01465"
        },
        {
          "name": "openSUSE-SU-2020:1699",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html"
        },
        {
          "name": "openSUSE-SU-2020:1701",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to the patched release most closely related to your current version of BIND. These can all be downloaded from http://www.isc.org/downloads.\n\n    BIND 9 version 9.9.9-P8\n    BIND 9 version 9.10.4-P8\n    BIND 9 version 9.11.0-P5\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n    BIND 9 version 9.9.9-S10\n\nNew maintenance releases of BIND are also scheduled which contain the fix for this vulnerability.  In addition to the security releases listed above, fixes for this vulnerability are also included in these release candidate versions:\n\n    BIND 9 version 9.9.10rc3\n    BIND 9 version 9.10.5rc3\n    BIND 9 version 9.11.1rc3"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "An error handling synthesized records could cause an assertion failure when using DNS64 with \"break-dnssec yes;\"",
      "workarounds": [
        {
          "lang": "en",
          "value": "Servers which have configurations which require DNS64 and \"break-dnssec yes;\" should upgrade.  Servers which are not using these features in conjunction are not at risk from this defect."
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-officer@isc.org",
          "DATE_PUBLIC": "2017-03-12T00:00:00.000Z",
          "ID": "CVE-2017-3136",
          "STATE": "PUBLIC",
          "TITLE": "An error handling synthesized records could cause an assertion failure when using DNS64 with \"break-dnssec yes;\""
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "BIND 9",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "9.8.0 -\u003e 9.8.8-P1, 9.9.0 -\u003e 9.9.9-P6, 9.9.10b1-\u003e9.9.10rc1, 9.10.0 -\u003e 9.10.4-P6, 9.10.5b1-\u003e9.10.5rc1, 9.11.0 -\u003e 9.11.0-P3, 9.11.1b1-\u003e9.11.1rc1, 9.9.3-S1 -\u003e 9.9.9-S8"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "ISC"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "ISC would like to thank Oleg Gorokhov of Yandex for making us aware of this vulnerability."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A query with a specific set of characteristics could cause a server using DNS64 to encounter an assertion failure and terminate. An attacker could deliberately construct a query, enabling denial-of-service against a server if it was configured to use the DNS64 feature and other preconditions were met. Affects BIND 9.8.0 -\u003e 9.8.8-P1, 9.9.0 -\u003e 9.9.9-P6, 9.9.10b1-\u003e9.9.10rc1, 9.10.0 -\u003e 9.10.4-P6, 9.10.5b1-\u003e9.10.5rc1, 9.11.0 -\u003e 9.11.0-P3, 9.11.1b1-\u003e9.11.1rc1, 9.9.3-S1 -\u003e 9.9.9-S8."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Servers are at risk if they are configured to use DNS64 and if the option \"break-dnssec yes;\" is in use."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2017:1095",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1095"
            },
            {
              "name": "GLSA-201708-01",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201708-01"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20180802-0002/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20180802-0002/"
            },
            {
              "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03747en_us",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03747en_us"
            },
            {
              "name": "DSA-3854",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2017/dsa-3854"
            },
            {
              "name": "1038259",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038259"
            },
            {
              "name": "97653",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/97653"
            },
            {
              "name": "RHSA-2017:1105",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1105"
            },
            {
              "name": "https://kb.isc.org/docs/aa-01465",
              "refsource": "CONFIRM",
              "url": "https://kb.isc.org/docs/aa-01465"
            },
            {
              "name": "openSUSE-SU-2020:1699",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html"
            },
            {
              "name": "openSUSE-SU-2020:1701",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Upgrade to the patched release most closely related to your current version of BIND. These can all be downloaded from http://www.isc.org/downloads.\n\n    BIND 9 version 9.9.9-P8\n    BIND 9 version 9.10.4-P8\n    BIND 9 version 9.11.0-P5\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n    BIND 9 version 9.9.9-S10\n\nNew maintenance releases of BIND are also scheduled which contain the fix for this vulnerability.  In addition to the security releases listed above, fixes for this vulnerability are also included in these release candidate versions:\n\n    BIND 9 version 9.9.10rc3\n    BIND 9 version 9.10.5rc3\n    BIND 9 version 9.11.1rc3"
          }
        ],
        "source": {
          "discovery": "UNKNOWN"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "Servers which have configurations which require DNS64 and \"break-dnssec yes;\" should upgrade.  Servers which are not using these features in conjunction are not at risk from this defect."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
    "assignerShortName": "isc",
    "cveId": "CVE-2017-3136",
    "datePublished": "2019-01-16T20:00:00Z",
    "dateReserved": "2016-12-02T00:00:00",
    "dateUpdated": "2024-09-17T00:51:35.181Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-38160
Vulnerability from cvelistv5
Published
2021-08-07 03:31
Modified
2024-08-04 01:37
Severity ?
Summary
In drivers/char/virtio_console.c in the Linux kernel before 5.13.4, data corruption or loss can be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size. NOTE: the vendor indicates that the cited data corruption is not a vulnerability in any existing use case; the length validation was added solely for robustness in the face of anomalous host OS behavior
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T01:37:16.213Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/d00d8da5869a2608e97cfede094dfc5e11462a46"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/cve-2021-38160"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210902-0010/"
          },
          {
            "name": "DSA-4978",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2021/dsa-4978"
          },
          {
            "name": "[debian-lts-announce] 20211015 [SECURITY] [DLA 2785-1] linux-4.19 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html"
          },
          {
            "name": "[debian-lts-announce] 20211216 [SECURITY] [DLA 2843-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In drivers/char/virtio_console.c in the Linux kernel before 5.13.4, data corruption or loss can be triggered by an untrusted device that supplies a buf-\u003elen value exceeding the buffer size. NOTE: the vendor indicates that the cited data corruption is not a vulnerability in any existing use case; the length validation was added solely for robustness in the face of anomalous host OS behavior"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-12-17T00:06:39",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/torvalds/linux/commit/d00d8da5869a2608e97cfede094dfc5e11462a46"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://access.redhat.com/security/cve/cve-2021-38160"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20210902-0010/"
        },
        {
          "name": "DSA-4978",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2021/dsa-4978"
        },
        {
          "name": "[debian-lts-announce] 20211015 [SECURITY] [DLA 2785-1] linux-4.19 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html"
        },
        {
          "name": "[debian-lts-announce] 20211216 [SECURITY] [DLA 2843-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html"
        }
      ],
      "tags": [
        "disputed"
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-38160",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "** DISPUTED ** In drivers/char/virtio_console.c in the Linux kernel before 5.13.4, data corruption or loss can be triggered by an untrusted device that supplies a buf-\u003elen value exceeding the buffer size. NOTE: the vendor indicates that the cited data corruption is not a vulnerability in any existing use case; the length validation was added solely for robustness in the face of anomalous host OS behavior."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/torvalds/linux/commit/d00d8da5869a2608e97cfede094dfc5e11462a46",
              "refsource": "MISC",
              "url": "https://github.com/torvalds/linux/commit/d00d8da5869a2608e97cfede094dfc5e11462a46"
            },
            {
              "name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4",
              "refsource": "MISC",
              "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4"
            },
            {
              "name": "https://access.redhat.com/security/cve/cve-2021-38160",
              "refsource": "MISC",
              "url": "https://access.redhat.com/security/cve/cve-2021-38160"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20210902-0010/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20210902-0010/"
            },
            {
              "name": "DSA-4978",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2021/dsa-4978"
            },
            {
              "name": "[debian-lts-announce] 20211015 [SECURITY] [DLA 2785-1] linux-4.19 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html"
            },
            {
              "name": "[debian-lts-announce] 20211216 [SECURITY] [DLA 2843-1] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-38160",
    "datePublished": "2021-08-07T03:31:12",
    "dateReserved": "2021-08-07T00:00:00",
    "dateUpdated": "2024-08-04T01:37:16.213Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-38201
Vulnerability from cvelistv5
Published
2021-08-08 19:26
Modified
2024-08-04 01:37
Severity ?
Summary
net/sunrpc/xdr.c in the Linux kernel before 5.13.4 allows remote attackers to cause a denial of service (xdr_set_page_base slab-out-of-bounds access) by performing many NFS 4.2 READ_PLUS operations.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T01:37:16.300Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/6d1c0f3d28f98ea2736128ed3e46821496dc3a8c"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210902-0010/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "net/sunrpc/xdr.c in the Linux kernel before 5.13.4 allows remote attackers to cause a denial of service (xdr_set_page_base slab-out-of-bounds access) by performing many NFS 4.2 READ_PLUS operations."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-09-02T08:06:44",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/torvalds/linux/commit/6d1c0f3d28f98ea2736128ed3e46821496dc3a8c"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20210902-0010/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-38201",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "net/sunrpc/xdr.c in the Linux kernel before 5.13.4 allows remote attackers to cause a denial of service (xdr_set_page_base slab-out-of-bounds access) by performing many NFS 4.2 READ_PLUS operations."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4",
              "refsource": "MISC",
              "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4"
            },
            {
              "name": "https://github.com/torvalds/linux/commit/6d1c0f3d28f98ea2736128ed3e46821496dc3a8c",
              "refsource": "MISC",
              "url": "https://github.com/torvalds/linux/commit/6d1c0f3d28f98ea2736128ed3e46821496dc3a8c"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20210902-0010/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20210902-0010/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-38201",
    "datePublished": "2021-08-08T19:26:54",
    "dateReserved": "2021-08-08T00:00:00",
    "dateUpdated": "2024-08-04T01:37:16.300Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-32208
Vulnerability from cvelistv5
Published
2022-07-07 00:00
Modified
2024-08-03 07:32
Severity ?
Summary
When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T07:32:55.993Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://hackerone.com/reports/1590071"
          },
          {
            "name": "FEDORA-2022-1b3d7f6973",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/"
          },
          {
            "name": "DSA-5197",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5197"
          },
          {
            "name": "[debian-lts-announce] 20220828 [SECURITY] [DLA 3085-1] curl security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220915-0003/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT213488"
          },
          {
            "name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2022/Oct/41"
          },
          {
            "name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2022/Oct/28"
          },
          {
            "name": "GLSA-202212-01",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202212-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "https://github.com/curl/curl",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Fixed in 7.84.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "When curl \u003c 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-840",
              "description": "Business Logic Errors (CWE-840)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-19T00:00:00",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "url": "https://hackerone.com/reports/1590071"
        },
        {
          "name": "FEDORA-2022-1b3d7f6973",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/"
        },
        {
          "name": "DSA-5197",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5197"
        },
        {
          "name": "[debian-lts-announce] 20220828 [SECURITY] [DLA 3085-1] curl security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20220915-0003/"
        },
        {
          "url": "https://support.apple.com/kb/HT213488"
        },
        {
          "name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2022/Oct/41"
        },
        {
          "name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2022/Oct/28"
        },
        {
          "name": "GLSA-202212-01",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202212-01"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2022-32208",
    "datePublished": "2022-07-07T00:00:00",
    "dateReserved": "2022-06-01T00:00:00",
    "dateUpdated": "2024-08-03T07:32:55.993Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Vulnerability from fkie_nvd
Published
2017-08-08 15:29
Modified
2024-11-21 03:05
Severity ?
Summary
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).
References
secalert_us@oracle.comhttp://www.debian.org/security/2017/dsa-3919Third Party Advisory
secalert_us@oracle.comhttp://www.debian.org/security/2017/dsa-3954Third Party Advisory
secalert_us@oracle.comhttp://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlPatch, Vendor Advisory
secalert_us@oracle.comhttp://www.securityfocus.com/bid/99706Broken Link
secalert_us@oracle.comhttp://www.securitytracker.com/id/1038931Broken Link
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:1789Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:1790Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:1791Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:2424Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:2469Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:2481Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3453Third Party Advisory
secalert_us@oracle.comhttps://security.gentoo.org/glsa/201709-22Third Party Advisory
secalert_us@oracle.comhttps://security.netapp.com/advisory/ntap-20170720-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2017/dsa-3919Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2017/dsa-3954Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/99706Broken Link
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1038931Broken Link
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1789Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1790Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1791Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2424Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2469Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2481Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3453Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201709-22Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20170720-0001/Third Party Advisory
Impacted products
Vendor Product Version
oracle jdk 1.7.0
oracle jdk 1.8.0
oracle jre 1.7.0
oracle jre 1.8.0
debian debian_linux 8.0
debian debian_linux 9.0
netapp active_iq_unified_manager *
netapp active_iq_unified_manager *
netapp e-series_santricity_os_controller *
netapp e-series_santricity_storage_manager -
netapp element_software -
netapp oncommand_balance -
netapp oncommand_insight -
netapp oncommand_performance_manager -
netapp oncommand_shift -
netapp oncommand_unified_manager *
netapp oncommand_unified_manager *
netapp oncommand_unified_manager -
netapp plug-in_for_symantec_netbackup -
netapp snapmanager -
netapp snapmanager -
netapp steelstore_cloud_integrated_storage -
netapp storage_replication_adapter_for_clustered_data_ontap *
netapp storage_replication_adapter_for_clustered_data_ontap 9.6
netapp vasa_provider_for_clustered_data_ontap *
netapp vasa_provider_for_clustered_data_ontap 6.0
netapp virtual_storage_console *
netapp virtual_storage_console 6.0
redhat satellite 5.8
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_eus 7.3
redhat enterprise_linux_eus 7.4
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_aus 7.3
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_server_tus 7.3
redhat enterprise_linux_server_tus 7.4
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_workstation 7.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update141:*:*:*:*:*:*",
              "matchCriteriaId": "C4D0E043-D34F-446D-879B-692E3CF500C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update131:*:*:*:*:*:*",
              "matchCriteriaId": "106E9F69-857A-42F8-A727-2650C896D3B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update141:*:*:*:*:*:*",
              "matchCriteriaId": "363C8E7E-2EEA-4308-A141-854B9EC17AAB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update131:*:*:*:*:*:*",
              "matchCriteriaId": "595FC4B7-418E-457C-ADCC-0A49A676D629",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62",
              "versionStartIncluding": "7.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB",
              "versionStartIncluding": "9.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "73F81EC3-4AB0-4CD7-B845-267C5974DE98",
              "versionEndIncluding": "11.70.1",
              "versionStartIncluding": "11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "698C6261-679D-45C1-A396-57AC96AD64D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BD81527-A341-42C3-9AB9-880D3DB04B08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*",
              "matchCriteriaId": "E32A4C2E-3DA6-4BE5-9D95-9F800B01ED9A",
              "versionEndIncluding": "7.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "1A79A7B7-2CE9-4F5E-B76D-01A882C66226",
              "versionEndIncluding": "7.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*",
              "matchCriteriaId": "3FA5E22C-489B-4C5F-A5F3-C03F45CA8811",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*",
              "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
              "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "1E35D95E-CCBF-4335-A4DB-02218BA172DE",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:9.6:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "B92F025C-D612-4A64-B138-E6B4B113B504",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "13270F58-E106-48CE-9933-E68AABBBFC21",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "923F6B82-6A8B-4994-89F6-C430775D5234",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "B7B42CB6-3C14-4183-AFA8-C3682F8B54AB",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "2AA40F7F-504D-47A9-9778-EC4CE46EB8BF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4F86C3C-B99C-44C6-97D7-163DC3F59687",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "807C024A-F8E8-4B48-A349-4C68CD252CA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5F7E11E-FB34-4467-8919-2B6BEAABF665",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en los componentes Java SE y Java SE Embedded de Oracle Java SE (subcomponente: Libraries). Las versiones compatibles que se han visto afectadas son JavaSE: 7u141 y 8u131; Java SE Embedded: 8u131. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante sin autenticar que tenga acceso a red por medio de m\u00faltiples protocolos comprometa la seguridad de Java SE y Java SE Embedded. Para que los ataques tengan \u00e9xito, se necesita la participaci\u00f3n de otra persona diferente del atacante y, aunque la vulnerabilidad est\u00e1 presente en Java SE y Java SE Embedded, los ataques podr\u00edan afectar seriamente a productos adicionales. Los ataques exitosos a esta vulnerabilidad pueden resultar en la toma de control de Java SE y Java SE Embedded. Nota: Esta vulnerabilidad se aplica a implementaciones Java, normalmente en clientes que ejecutan aplicaciones Java Web Start en sandbox o applets Java en sandbox que cargan y ejecutan c\u00f3digo que no es de confianza (por ejemplo, c\u00f3digo proveniente de internet) y que conf\u00edan en la sandbox de Java para protegerse. Esta vulnerabilidad no se aplica a implementaciones Java, normalmente en servidores, que solo cargan y ejecutan c\u00f3digo de confianza (por ejemplo, c\u00f3digo instalado por un administrador). CVSS 3.0 Base Score 9.6 (impactos en la confidencialidad, integridad y disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)."
    }
  ],
  "id": "CVE-2017-10090",
  "lastModified": "2024-11-21T03:05:20.803",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.6,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 6.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-08-08T15:29:02.803",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-3919"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-3954"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/bid/99706"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securitytracker.com/id/1038931"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1789"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1790"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1791"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2424"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2469"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2481"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3453"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201709-22"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-3919"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-3954"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/bid/99706"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securitytracker.com/id/1038931"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1789"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1790"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1791"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2424"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2469"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2481"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3453"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201709-22"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-08-08 15:29
Modified
2024-11-21 03:05
Severity ?
Summary
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).
References
secalert_us@oracle.comhttp://www.debian.org/security/2017/dsa-3919Third Party Advisory
secalert_us@oracle.comhttp://www.debian.org/security/2017/dsa-3954Third Party Advisory
secalert_us@oracle.comhttp://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlPatch, Vendor Advisory
secalert_us@oracle.comhttp://www.securityfocus.com/bid/99719Broken Link
secalert_us@oracle.comhttp://www.securitytracker.com/id/1038931Broken Link
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:1789Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:1790Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:1791Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:1792Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:2424Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:2469Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:2481Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:2530Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3453Third Party Advisory
secalert_us@oracle.comhttps://security.gentoo.org/glsa/201709-22Third Party Advisory
secalert_us@oracle.comhttps://security.netapp.com/advisory/ntap-20170720-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2017/dsa-3919Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2017/dsa-3954Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/99719Broken Link
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1038931Broken Link
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1789Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1790Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1791Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1792Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2424Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2469Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2481Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2530Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3453Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201709-22Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20170720-0001/Third Party Advisory
Impacted products
Vendor Product Version
oracle jdk 1.6.0
oracle jdk 1.7.0
oracle jdk 1.8.0
oracle jre 1.6.0
oracle jre 1.7.0
oracle jre 1.8.0
debian debian_linux 8.0
debian debian_linux 9.0
redhat satellite 5.8
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_eus 7.3
redhat enterprise_linux_eus 7.4
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_aus 7.3
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_server_tus 7.3
redhat enterprise_linux_server_tus 7.4
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_workstation 7.0
netapp active_iq_unified_manager *
netapp active_iq_unified_manager *
netapp cloud_backup -
netapp e-series_santricity_os_controller *
netapp e-series_santricity_storage_manager -
netapp element_software -
netapp oncommand_balance -
netapp oncommand_insight -
netapp oncommand_performance_manager -
netapp oncommand_shift -
netapp oncommand_unified_manager *
netapp oncommand_unified_manager *
netapp oncommand_unified_manager -
netapp plug-in_for_symantec_netbackup -
netapp snapmanager -
netapp snapmanager -
netapp steelstore_cloud_integrated_storage -
netapp storage_replication_adapter_for_clustered_data_ontap *
netapp storage_replication_adapter_for_clustered_data_ontap 9.6
netapp vasa_provider_for_clustered_data_ontap *
netapp vasa_provider_for_clustered_data_ontap 6.0
netapp virtual_storage_console *
netapp virtual_storage_console 6.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update151:*:*:*:*:*:*",
              "matchCriteriaId": "A3322D72-6B56-467E-90E5-5DCE0FA1F431",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update141:*:*:*:*:*:*",
              "matchCriteriaId": "C4D0E043-D34F-446D-879B-692E3CF500C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update131:*:*:*:*:*:*",
              "matchCriteriaId": "106E9F69-857A-42F8-A727-2650C896D3B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update151:*:*:*:*:*:*",
              "matchCriteriaId": "673DD72C-4FC8-406A-A24A-B06DD709649C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update141:*:*:*:*:*:*",
              "matchCriteriaId": "363C8E7E-2EEA-4308-A141-854B9EC17AAB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update131:*:*:*:*:*:*",
              "matchCriteriaId": "595FC4B7-418E-457C-ADCC-0A49A676D629",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4F86C3C-B99C-44C6-97D7-163DC3F59687",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "807C024A-F8E8-4B48-A349-4C68CD252CA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5F7E11E-FB34-4467-8919-2B6BEAABF665",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62",
              "versionStartIncluding": "7.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB",
              "versionStartIncluding": "9.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "73F81EC3-4AB0-4CD7-B845-267C5974DE98",
              "versionEndIncluding": "11.70.1",
              "versionStartIncluding": "11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "698C6261-679D-45C1-A396-57AC96AD64D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BD81527-A341-42C3-9AB9-880D3DB04B08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*",
              "matchCriteriaId": "E32A4C2E-3DA6-4BE5-9D95-9F800B01ED9A",
              "versionEndIncluding": "7.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "1A79A7B7-2CE9-4F5E-B76D-01A882C66226",
              "versionEndIncluding": "7.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*",
              "matchCriteriaId": "3FA5E22C-489B-4C5F-A5F3-C03F45CA8811",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*",
              "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
              "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "1E35D95E-CCBF-4335-A4DB-02218BA172DE",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:9.6:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "B92F025C-D612-4A64-B138-E6B4B113B504",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "13270F58-E106-48CE-9933-E68AABBBFC21",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "923F6B82-6A8B-4994-89F6-C430775D5234",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "B7B42CB6-3C14-4183-AFA8-C3682F8B54AB",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "2AA40F7F-504D-47A9-9778-EC4CE46EB8BF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en los componentes Java SE y Java SE Embedded de Oracle Java SE (subcomponente: RMI). Las versiones compatibles que se han visto afectadas son JavaSE: 6u151, 7u141 y 8u131; Java SE Embedded: 8u131. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante sin autenticar que tenga acceso a red por medio de m\u00faltiples protocolos comprometa la seguridad de Java SE y Java SE Embedded. Para que los ataques tengan \u00e9xito, se necesita la participaci\u00f3n de otra persona diferente del atacante y, aunque la vulnerabilidad est\u00e1 presente en Java SE y Java SE Embedded, los ataques podr\u00edan afectar seriamente a productos adicionales. Los ataques exitosos a esta vulnerabilidad pueden resultar en la toma de control de Java SE y Java SE Embedded. Nota: Esta vulnerabilidad se aplica a implementaciones Java, normalmente en clientes que ejecutan aplicaciones Java Web Start en sandbox o applets Java en sandbox que cargan y ejecutan c\u00f3digo que no es de confianza (por ejemplo, c\u00f3digo proveniente de internet) y que conf\u00edan en la sandbox de Java para protegerse. Esta vulnerabilidad no se aplica a implementaciones Java, normalmente en servidores, que solo cargan y ejecutan c\u00f3digo de confianza (por ejemplo, c\u00f3digo instalado por un administrador). CVSS 3.0 Base Score 9.6 (impactos en la confidencialidad, integridad y disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)."
    }
  ],
  "id": "CVE-2017-10107",
  "lastModified": "2024-11-21T03:05:23.353",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.6,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 6.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-08-08T15:29:03.490",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-3919"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-3954"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/bid/99719"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securitytracker.com/id/1038931"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1789"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1790"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1791"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1792"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2424"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2469"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2481"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2530"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3453"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201709-22"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-3919"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-3954"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/bid/99719"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securitytracker.com/id/1038931"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1789"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1790"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1791"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1792"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2424"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2469"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2481"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2530"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3453"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201709-22"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-08-08 15:29
Modified
2024-11-21 03:05
Summary
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE: 7u141 and 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
References
secalert_us@oracle.comhttp://www.debian.org/security/2017/dsa-4005Third Party Advisory
secalert_us@oracle.comhttp://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlPatch, Vendor Advisory
secalert_us@oracle.comhttp://www.securityfocus.com/bid/99726Broken Link
secalert_us@oracle.comhttp://www.securitytracker.com/id/1038931Broken Link
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:1790Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:1791Third Party Advisory
secalert_us@oracle.comhttps://security.gentoo.org/glsa/201709-22Third Party Advisory
secalert_us@oracle.comhttps://security.netapp.com/advisory/ntap-20170720-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2017/dsa-4005Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/99726Broken Link
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1038931Broken Link
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1790Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1791Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201709-22Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20170720-0001/Third Party Advisory



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update141:*:*:*:*:*:*",
              "matchCriteriaId": "C4D0E043-D34F-446D-879B-692E3CF500C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update131:*:*:*:*:*:*",
              "matchCriteriaId": "106E9F69-857A-42F8-A727-2650C896D3B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update141:*:*:*:*:*:*",
              "matchCriteriaId": "363C8E7E-2EEA-4308-A141-854B9EC17AAB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update131:*:*:*:*:*:*",
              "matchCriteriaId": "595FC4B7-418E-457C-ADCC-0A49A676D629",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62",
              "versionStartIncluding": "7.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB",
              "versionStartIncluding": "9.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "73F81EC3-4AB0-4CD7-B845-267C5974DE98",
              "versionEndIncluding": "11.70.1",
              "versionStartIncluding": "11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "698C6261-679D-45C1-A396-57AC96AD64D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BD81527-A341-42C3-9AB9-880D3DB04B08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*",
              "matchCriteriaId": "E32A4C2E-3DA6-4BE5-9D95-9F800B01ED9A",
              "versionEndIncluding": "7.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "1A79A7B7-2CE9-4F5E-B76D-01A882C66226",
              "versionEndIncluding": "7.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*",
              "matchCriteriaId": "3FA5E22C-489B-4C5F-A5F3-C03F45CA8811",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*",
              "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
              "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "1E35D95E-CCBF-4335-A4DB-02218BA172DE",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:9.6:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "B92F025C-D612-4A64-B138-E6B4B113B504",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "13270F58-E106-48CE-9933-E68AABBBFC21",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "923F6B82-6A8B-4994-89F6-C430775D5234",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "B7B42CB6-3C14-4183-AFA8-C3682F8B54AB",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "2AA40F7F-504D-47A9-9778-EC4CE46EB8BF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE: 7u141 and 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en el componente Java SE de Oracle Java SE (subcomponente: JavaFX). Las versiones compatibles que se han visto afectadas son JavaSE: 7u141 y 8u131. Una vulnerabilidad dif\u00edcilmente explotable permite que un atacante sin autenticar que tenga acceso a red por m\u00faltiples protocolos comprometa la seguridad de Java SE. Para que los ataques tengan \u00e9xito, se necesita la participaci\u00f3n de otra persona diferente del atacante y, aunque la vulnerabilidad est\u00e1 presente en Java SE, los ataques podr\u00edan afectar seriamente a productos adicionales. Los ataques exitosos a esta vulnerabilidad pueden resultar en la toma de control de Java SE. Nota: Esta vulnerabilidad se aplica a implementaciones Java, normalmente en clientes que ejecutan aplicaciones Java Web Start en sandbox o applets Java en sandbox que cargan y ejecutan c\u00f3digo que no es de confianza (por ejemplo, c\u00f3digo proveniente de internet) y que conf\u00edan en la sandbox de Java para protegerse. Esta vulnerabilidad no se aplica a implementaciones Java, normalmente en servidores, que solo cargan y ejecutan c\u00f3digo de confianza (por ejemplo, c\u00f3digo instalado por un administrador). CVSS 3.0 Base Score 8.3 (impactos en la confidencialidad, integridad y disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)."
    }
  ],
  "id": "CVE-2017-10114",
  "lastModified": "2024-11-21T03:05:24.667",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.3,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 6.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-08-08T15:29:03.740",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-4005"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/bid/99726"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securitytracker.com/id/1038931"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1790"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1791"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201709-22"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-4005"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/bid/99726"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securitytracker.com/id/1038931"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1790"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1791"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201709-22"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-10-21 22:15
Modified
2024-11-21 04:32
Summary
In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server.
References
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2019-11/msg00026.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://packetstormsecurity.com/files/172835/libssh2-1.9.0-Out-Of-Bounds-Read.html
cve@mitre.orghttps://blog.semmle.com/libssh2-integer-overflow-CVE-2019-17498/Broken Link
cve@mitre.orghttps://github.com/kevinbackhouse/SecurityExploits/tree/8cbdbbe6363510f7d9ceec685373da12e6fc752d/libssh2/out_of_bounds_read_disconnect_CVE-2019-17498Exploit, Third Party Advisory
cve@mitre.orghttps://github.com/libssh2/libssh2/blob/42d37aa63129a1b2644bf6495198923534322d64/src/packet.c#L480Exploit, Third Party Advisory
cve@mitre.orghttps://github.com/libssh2/libssh2/commit/dedcbd106f8e52d5586b0205bc7677e4c9868f9cPatch, Third Party Advisory
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2019/11/msg00010.htmlMailing List, Third Party Advisory
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2021/12/msg00013.htmlMailing List, Third Party Advisory
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2023/09/msg00006.html
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/22H4Q5XMGS3QNSA7OCL3U7UQZ4NXMR5O/
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TY7EEE34RFKCTXTMBQQWWSLXZWSCXNDB/
cve@mitre.orghttps://security.netapp.com/advisory/ntap-20220909-0004/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00026.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/172835/libssh2-1.9.0-Out-Of-Bounds-Read.html
af854a3a-2127-422b-91ae-364da2661108https://blog.semmle.com/libssh2-integer-overflow-CVE-2019-17498/Broken Link
af854a3a-2127-422b-91ae-364da2661108https://github.com/kevinbackhouse/SecurityExploits/tree/8cbdbbe6363510f7d9ceec685373da12e6fc752d/libssh2/out_of_bounds_read_disconnect_CVE-2019-17498Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/libssh2/libssh2/blob/42d37aa63129a1b2644bf6495198923534322d64/src/packet.c#L480Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/libssh2/libssh2/commit/dedcbd106f8e52d5586b0205bc7677e4c9868f9cPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2019/11/msg00010.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2021/12/msg00013.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2023/09/msg00006.html
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/22H4Q5XMGS3QNSA7OCL3U7UQZ4NXMR5O/
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TY7EEE34RFKCTXTMBQQWWSLXZWSCXNDB/
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20220909-0004/Third Party Advisory



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:libssh2:libssh2:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0F2D0AA-AFDD-41A2-8172-EEB203227E5D",
              "versionEndIncluding": "1.9.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
              "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
              "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7CF3019-975D-40BB-A8A4-894E62BD3797",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "95BA156C-C977-4F0C-8DFB-3FAE9CC8C02D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server."
    },
    {
      "lang": "es",
      "value": "En libssh2 versi\u00f3n v1.9.0 y anteriores, la l\u00f3gica de la funci\u00f3n SSH_MSG_DISCONNECT en el archivo packet.c presenta un desbordamiento de enteros en una comprobaci\u00f3n de l\u00edmites, lo que permite a un atacante especificar un desplazamiento arbitrario (fuera de l\u00edmites) para una lectura de memoria posterior. Un servidor SSH dise\u00f1ado puede ser capaz de revelar informaci\u00f3n confidencial o causar una condici\u00f3n de denegaci\u00f3n de servicio en el sistema del cliente cuando un usuario conecta con el servidor."
    }
  ],
  "id": "CVE-2019-17498",
  "lastModified": "2024-11-21T04:32:22.850",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-10-21T22:15:10.523",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00026.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://packetstormsecurity.com/files/172835/libssh2-1.9.0-Out-Of-Bounds-Read.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "https://blog.semmle.com/libssh2-integer-overflow-CVE-2019-17498/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/kevinbackhouse/SecurityExploits/tree/8cbdbbe6363510f7d9ceec685373da12e6fc752d/libssh2/out_of_bounds_read_disconnect_CVE-2019-17498"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/libssh2/libssh2/blob/42d37aa63129a1b2644bf6495198923534322d64/src/packet.c#L480"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/libssh2/libssh2/commit/dedcbd106f8e52d5586b0205bc7677e4c9868f9c"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00010.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00013.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00006.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/22H4Q5XMGS3QNSA7OCL3U7UQZ4NXMR5O/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TY7EEE34RFKCTXTMBQQWWSLXZWSCXNDB/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20220909-0004/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00026.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://packetstormsecurity.com/files/172835/libssh2-1.9.0-Out-Of-Bounds-Read.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "https://blog.semmle.com/libssh2-integer-overflow-CVE-2019-17498/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/kevinbackhouse/SecurityExploits/tree/8cbdbbe6363510f7d9ceec685373da12e6fc752d/libssh2/out_of_bounds_read_disconnect_CVE-2019-17498"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/libssh2/libssh2/blob/42d37aa63129a1b2644bf6495198923534322d64/src/packet.c#L480"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/libssh2/libssh2/commit/dedcbd106f8e52d5586b0205bc7677e4c9868f9c"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00010.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00013.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00006.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/22H4Q5XMGS3QNSA7OCL3U7UQZ4NXMR5O/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TY7EEE34RFKCTXTMBQQWWSLXZWSCXNDB/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20220909-0004/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-190"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-09-23 14:15
Modified
2024-11-21 07:10
Summary
When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a"sister site" to deny service to all siblings.
References
support@hackerone.comhttp://seclists.org/fulldisclosure/2023/Jan/20Mailing List, Third Party Advisory
support@hackerone.comhttp://seclists.org/fulldisclosure/2023/Jan/21Mailing List, Third Party Advisory
support@hackerone.comhttps://hackerone.com/reports/1613943Exploit, Issue Tracking, Third Party Advisory
support@hackerone.comhttps://lists.debian.org/debian-lts-announce/2023/01/msg00028.htmlMailing List, Third Party Advisory
support@hackerone.comhttps://security.gentoo.org/glsa/202212-01Third Party Advisory
support@hackerone.comhttps://security.netapp.com/advisory/ntap-20220930-0005/Third Party Advisory
support@hackerone.comhttps://support.apple.com/kb/HT213603Third Party Advisory
support@hackerone.comhttps://support.apple.com/kb/HT213604Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2023/Jan/20Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2023/Jan/21Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://hackerone.com/reports/1613943Exploit, Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2023/01/msg00028.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/202212-01Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20220930-0005/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.apple.com/kb/HT213603Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.apple.com/kb/HT213604Third Party Advisory



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7B9B38C-6728-408E-93C9-98C042DA9DD3",
              "versionEndExcluding": "7.85.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FE996B1-6951-4F85-AA58-B99A379D2163",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "95BA156C-C977-4F0C-8DFB-3FAE9CC8C02D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D13504E-ABCF-4E6F-8984-EADB123DFDD2",
              "versionEndExcluding": "11.7.3",
              "versionStartIncluding": "11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C71359B9-7DCE-4F45-B03F-77CF313A74EA",
              "versionEndExcluding": "12.6.3",
              "versionStartIncluding": "12.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5722E753-75DE-4944-A11B-556CB299B57D",
              "versionEndExcluding": "8.2.12",
              "versionStartIncluding": "8.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC0F9351-81A4-4FEA-B6B5-6E960A933D32",
              "versionEndExcluding": "9.0.6",
              "versionStartIncluding": "9.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EED24E67-2957-4C1B-8FEA-E2D2FE7B97FC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a\"sister site\" to deny service to all siblings."
    },
    {
      "lang": "es",
      "value": "Cuando curl es usado para recuperar y analizar las cookies de un servidor HTTP(S), acepta las cookies usando c\u00f3digos de control que cuando son enviados de vuelta a un servidor HTTP podr\u00edan hacer que el servidor devolviera respuestas 400. En efecto, permite que un \"sitio hermano\" deniegue el servicio a todos los hermanos."
    }
  ],
  "id": "CVE-2022-35252",
  "lastModified": "2024-11-21T07:10:58.650",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 3.7,
          "baseSeverity": "LOW",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-09-23T14:15:12.323",
  "references": [
    {
      "source": "support@hackerone.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2023/Jan/20"
    },
    {
      "source": "support@hackerone.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2023/Jan/21"
    },
    {
      "source": "support@hackerone.com",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://hackerone.com/reports/1613943"
    },
    {
      "source": "support@hackerone.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html"
    },
    {
      "source": "support@hackerone.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202212-01"
    },
    {
      "source": "support@hackerone.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20220930-0005/"
    },
    {
      "source": "support@hackerone.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.apple.com/kb/HT213603"
    },
    {
      "source": "support@hackerone.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.apple.com/kb/HT213604"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2023/Jan/20"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2023/Jan/21"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://hackerone.com/reports/1613943"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202212-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20220930-0005/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.apple.com/kb/HT213603"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.apple.com/kb/HT213604"
    }
  ],
  "sourceIdentifier": "support@hackerone.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "support@hackerone.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-01-16 20:29
Modified
2024-11-21 03:24
Summary
named contains a feature which allows operators to issue commands to a running server by communicating with the server process over a control channel, using a utility program such as rndc. A regression introduced in a recent feature change has created a situation under which some versions of named can be caused to exit with a REQUIRE assertion failure if they are sent a null command string. Affects BIND 9.9.9->9.9.9-P7, 9.9.10b1->9.9.10rc2, 9.10.4->9.10.4-P7, 9.10.5b1->9.10.5rc2, 9.11.0->9.11.0-P4, 9.11.1b1->9.11.1rc2, 9.9.9-S1->9.9.9-S9.
Impacted products
Vendor Product Version
isc bind 9.9.9
isc bind 9.9.9
isc bind 9.9.9
isc bind 9.9.9
isc bind 9.9.9
isc bind 9.9.9
isc bind 9.9.9
isc bind 9.9.9
isc bind 9.9.9
isc bind 9.9.9
isc bind 9.9.10
isc bind 9.9.10
isc bind 9.9.10
isc bind 9.10.4
isc bind 9.10.4
isc bind 9.10.4
isc bind 9.10.4
isc bind 9.10.4
isc bind 9.10.4
isc bind 9.10.4
isc bind 9.10.4
isc bind 9.10.5
isc bind 9.10.5
isc bind 9.10.5
isc bind 9.11.0
isc bind 9.11.0
isc bind 9.11.0
isc bind 9.11.0
isc bind 9.11.0
isc bind 9.11.1
isc bind 9.11.1
isc bind 9.11.1
netapp data_ontap_edge -
netapp element_software -
netapp oncommand_balance -
debian debian_linux 8.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:isc:bind:9.9.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "AECB4D34-0D20-46C5-A389-0296EF60E795",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.9.9:p1:*:*:*:*:*:*",
              "matchCriteriaId": "376915CA-6BDB-423E-B216-64B098344DD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.9.9:p2:*:*:*:*:*:*",
              "matchCriteriaId": "03215B90-9860-4CB4-B7D2-3DF045B129EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.9.9:p3:*:*:*:*:*:*",
              "matchCriteriaId": "88335D70-E98B-469E-A2E7-1958EB5F10DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.9.9:p4:*:*:*:*:*:*",
              "matchCriteriaId": "795DA9EE-489D-402E-8427-C9E3650BA1E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.9.9:p5:*:*:*:*:*:*",
              "matchCriteriaId": "012A3C08-2A0F-4168-9DE0-F609707E4C2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.9.9:p6:*:*:*:*:*:*",
              "matchCriteriaId": "2BDE2752-E5CD-4AE6-A404-2C209F942B7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.9.9:p7:*:*:*:*:*:*",
              "matchCriteriaId": "0387826C-AE6B-44C8-9888-4088CF66D78C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.9.9:s1:*:*:*:*:*:*",
              "matchCriteriaId": "21FBF6B7-BA47-46AC-B7EB-3A3A2E985BFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.9.9:s7:*:*:*:*:*:*",
              "matchCriteriaId": "7132A53F-7DF2-4B79-AC86-75A0C73843B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.9.10:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "9C8F0163-FF32-44E0-B05C-F89263CD56A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.9.10:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "94C0C9FC-5CCF-4AD7-8D83-7B579102F7E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.9.10:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "BFF50431-599D-40DD-A2B3-30A6D5652FFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.10.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E76DCB3-8063-415D-A774-9191E69E6980",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.10.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "BB2D2132-62E8-4E73-A0BF-4790DAFC5558",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.10.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "E253BD9F-25B8-42E7-BEAB-E843381ED155",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.10.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "6B5E42E5-27C6-4D6F-B7DC-903B10BF2017",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.10.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "7E211374-A4F5-41D4-A89E-E6522E9D0DFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.10.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "21CC7BA7-6D75-4561-ACF3-F1F61A0CBA62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.10.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "70586A2A-AA52-48F5-B2B0-390CA77807E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.10.4:p7:*:*:*:*:*:*",
              "matchCriteriaId": "060E10B1-5501-4BD0-A148-B04C56D499F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.10.5:b1:*:*:*:*:*:*",
              "matchCriteriaId": "8C5A0370-9490-40CC-84E8-EEE95A6F233B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.10.5:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "CEC78396-4667-4A45-8DBD-0D0C2AAE1549",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.10.5:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "1CD813E5-0C4A-4B55-A1B9-9C5C6C2504D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3160C5ED-75EA-47B2-998E-EDFC46B37DDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.11.0:p1:*:*:*:*:*:*",
              "matchCriteriaId": "086C327B-DF9F-4D4E-A538-1E29FEDC34C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.11.0:p2:*:*:*:*:*:*",
              "matchCriteriaId": "1440B408-76B6-4FA7-899D-E28049A37704",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.11.0:p3:*:*:*:*:*:*",
              "matchCriteriaId": "4D50373F-C1C4-4EC9-B94F-854C3444717D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.11.0:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6658F26D-C088-4470-8AFD-58BB54201C87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.11.1:b1:*:*:*:*:*:*",
              "matchCriteriaId": "A923D26C-3BE1-492E-99CF-1BB14D8A6388",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.11.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "EEA791E2-27E0-49C5-9823-0C57647C788F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.11.1:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "4E654717-4EF6-4397-A637-A9789CD5D1D6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0C4B1E5-75BF-43AE-BBAC-0DD4124C71ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "named contains a feature which allows operators to issue commands to a running server by communicating with the server process over a control channel, using a utility program such as rndc. A regression introduced in a recent feature change has created a situation under which some versions of named can be caused to exit with a REQUIRE assertion failure if they are sent a null command string. Affects BIND 9.9.9-\u003e9.9.9-P7, 9.9.10b1-\u003e9.9.10rc2, 9.10.4-\u003e9.10.4-P7, 9.10.5b1-\u003e9.10.5rc2, 9.11.0-\u003e9.11.0-P4, 9.11.1b1-\u003e9.11.1rc2, 9.9.9-S1-\u003e9.9.9-S9."
    },
    {
      "lang": "es",
      "value": "named contiene una caracter\u00edstica que permite que los operadores env\u00ede comandos a un servidor en ejecuci\u00f3n comunic\u00e1ndose con el proceso del servidor mediante un canal de control utilizando un programa como rndc.  Una regresi\u00f3n empleada en un cambio de caracter\u00edsticas reciente ha creado una situaci\u00f3n en la cual algunas versiones de named pueden cerrarse con un error de aserci\u00f3n de REQUIRE si se le env\u00eda una cadena de comandos null. Afecta a BIND desde la versi\u00f3n 9.9.9 hasta la 9.9.9-P7, desde la versi\u00f3n 9.9.10b1 hasta la 9.9.10rc2, desde la versi\u00f3n 9.10.4 hasta la 9.10.4-P7, desde la versi\u00f3n 9.10.5b1 hasta la 9.10.5rc2, desde la versi\u00f3n 9.10.5b1 hasta la 9.10.5rc2, desde la versi\u00f3n 9.11.0 hasta la 9.11.0-P4, desde la versi\u00f3n 9.11.1b1 hasta la 9.11.1rc2 y desde la versi\u00f3n 9.9.9-S1 hasta 9.9.9-S9."
    }
  ],
  "id": "CVE-2017-3138",
  "lastModified": "2024-11-21T03:24:54.743",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "security-officer@isc.org",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-01-16T20:29:00.407",
  "references": [
    {
      "source": "security-officer@isc.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/97657"
    },
    {
      "source": "security-officer@isc.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1038260"
    },
    {
      "source": "security-officer@isc.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.isc.org/docs/aa-01471"
    },
    {
      "source": "security-officer@isc.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201708-01"
    },
    {
      "source": "security-officer@isc.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20180802-0002/"
    },
    {
      "source": "security-officer@isc.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2017/dsa-3854"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/97657"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1038260"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.isc.org/docs/aa-01471"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201708-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20180802-0002/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2017/dsa-3854"
    }
  ],
  "sourceIdentifier": "security-officer@isc.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-617"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-08-08 15:29
Modified
2024-11-21 03:05
Summary
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N).
References
secalert_us@oracle.comhttp://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlPatch, Vendor Advisory
secalert_us@oracle.comhttp://www.securityfocus.com/bid/99851Broken Link
secalert_us@oracle.comhttp://www.securitytracker.com/id/1038931Broken Link
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:1790Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:1791Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:1792Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:2469Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:2481Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:2530Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3453Third Party Advisory
secalert_us@oracle.comhttps://security.gentoo.org/glsa/201709-22Third Party Advisory
secalert_us@oracle.comhttps://security.netapp.com/advisory/ntap-20170720-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/99851Broken Link
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1038931Broken Link
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1790Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1791Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1792Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2469Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2481Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2530Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3453Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201709-22Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20170720-0001/Third Party Advisory



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update151:*:*:*:*:*:*",
              "matchCriteriaId": "A3322D72-6B56-467E-90E5-5DCE0FA1F431",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update141:*:*:*:*:*:*",
              "matchCriteriaId": "C4D0E043-D34F-446D-879B-692E3CF500C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update131:*:*:*:*:*:*",
              "matchCriteriaId": "106E9F69-857A-42F8-A727-2650C896D3B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update151:*:*:*:*:*:*",
              "matchCriteriaId": "673DD72C-4FC8-406A-A24A-B06DD709649C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update141:*:*:*:*:*:*",
              "matchCriteriaId": "363C8E7E-2EEA-4308-A141-854B9EC17AAB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update131:*:*:*:*:*:*",
              "matchCriteriaId": "595FC4B7-418E-457C-ADCC-0A49A676D629",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4F86C3C-B99C-44C6-97D7-163DC3F59687",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62",
              "versionStartIncluding": "7.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB",
              "versionStartIncluding": "9.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "73F81EC3-4AB0-4CD7-B845-267C5974DE98",
              "versionEndIncluding": "11.70.1",
              "versionStartIncluding": "11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "698C6261-679D-45C1-A396-57AC96AD64D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BD81527-A341-42C3-9AB9-880D3DB04B08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*",
              "matchCriteriaId": "E32A4C2E-3DA6-4BE5-9D95-9F800B01ED9A",
              "versionEndIncluding": "7.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "1A79A7B7-2CE9-4F5E-B76D-01A882C66226",
              "versionEndIncluding": "7.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*",
              "matchCriteriaId": "3FA5E22C-489B-4C5F-A5F3-C03F45CA8811",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*",
              "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
              "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "1E35D95E-CCBF-4335-A4DB-02218BA172DE",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "13270F58-E106-48CE-9933-E68AABBBFC21",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "923F6B82-6A8B-4994-89F6-C430775D5234",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "B7B42CB6-3C14-4183-AFA8-C3682F8B54AB",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "2AA40F7F-504D-47A9-9778-EC4CE46EB8BF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en el componente Java SE de Oracle Java SE (subcomponente: Deployment). Las versiones compatibles que se han visto afectadas son JavaSE: 6u151, 7u141 y 8u131. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante sin autenticar que tenga acceso a red por medio de m\u00faltiples protocolos comprometa la seguridad de Java SE. Para que los ataques tengan \u00e9xito, se necesita la participaci\u00f3n de otra persona diferente del atacante. Los ataques exitosos a esta vulnerabilidad pueden resultar en el acceso no autorizado a la actualizaci\u00f3n, inserci\u00f3n o supresi\u00f3n de algunos de los datos accesibles de Java SE. Nota: Esta vulnerabilidad se aplica a implementaciones Java, normalmente en clientes que ejecutan aplicaciones Java Web Start en sandbox o applets Java en sandbox que cargan y ejecutan c\u00f3digo que no es de confianza (por ejemplo, c\u00f3digo proveniente de internet) y que conf\u00edan en la sandbox de Java para protegerse. Esta vulnerabilidad no se aplica a implementaciones Java, normalmente en servidores, que solo cargan y ejecutan c\u00f3digo de confianza (por ejemplo, c\u00f3digo instalado por un administrador). CVSS 3.0 Base Score 4.3 (impactos en la integridad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)."
    }
  ],
  "id": "CVE-2017-10105",
  "lastModified": "2024-11-21T03:05:23.020",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-08-08T15:29:03.427",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/bid/99851"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securitytracker.com/id/1038931"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1790"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1791"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1792"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2469"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2481"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2530"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3453"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201709-22"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/bid/99851"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securitytracker.com/id/1038931"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1790"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1791"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1792"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2469"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2481"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2530"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3453"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201709-22"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-01-28 21:29
Modified
2024-11-21 04:42
Summary
Incorrect sanitation of the 302 redirect field in HTTP transport method of apt versions 1.4.8 and earlier can lead to content injection by a MITM attacker, potentially leading to remote code execution on the target machine.
References
security@debian.orghttp://www.securityfocus.com/bid/106690Third Party Advisory, VDB Entry
security@debian.orghttps://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f%40%3Cdevnull.infra.apache.org%3E
security@debian.orghttps://lists.debian.org/debian-lts-announce/2019/01/msg00013.htmlMailing List, Vendor Advisory
security@debian.orghttps://lists.debian.org/debian-lts-announce/2019/01/msg00014.htmlMailing List, Vendor Advisory
security@debian.orghttps://security.netapp.com/advisory/ntap-20190125-0002/Third Party Advisory
security@debian.orghttps://usn.ubuntu.com/3863-1/Third Party Advisory
security@debian.orghttps://usn.ubuntu.com/3863-2/Third Party Advisory
security@debian.orghttps://www.debian.org/security/2019/dsa-4371Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/106690Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f%40%3Cdevnull.infra.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2019/01/msg00013.htmlMailing List, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2019/01/msg00014.htmlMailing List, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20190125-0002/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3863-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3863-2/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2019/dsa-4371Patch, Vendor Advisory



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:debian:advanced_package_tool:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D2FC6D4-6A3E-448B-84F7-027BDAC1FEAF",
              "versionEndExcluding": "1.2.30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:advanced_package_tool:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "80E371D4-8F2B-41C2-A7CE-E5F93C72B8D6",
              "versionEndIncluding": "1.4.8",
              "versionStartIncluding": "1.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF29713A-2852-4E3D-9666-4001C7E8B667",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Incorrect sanitation of the 302 redirect field in HTTP transport method of apt versions 1.4.8 and earlier can lead to content injection by a MITM attacker, potentially leading to remote code execution on the target machine."
    },
    {
      "lang": "es",
      "value": "El saneamiento incorrecto de un campo de redirecci\u00f3n 302 en el m\u00e9todo HTTP \"transport\" en apt, en versiones 1.4.8 y anteriores, puede conducir a la inyecci\u00f3n de contenido por parte de un atacante MITM, lo que puede conducir a la ejecuci\u00f3n remota de c\u00f3digo en el equipo objetivo."
    }
  ],
  "id": "CVE-2019-3462",
  "lastModified": "2024-11-21T04:42:05.670",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-01-28T21:29:00.300",
  "references": [
    {
      "source": "security@debian.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/106690"
    },
    {
      "source": "security@debian.org",
      "url": "https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f%40%3Cdevnull.infra.apache.org%3E"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00013.html"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00014.html"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20190125-0002/"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3863-1/"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3863-2/"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.debian.org/security/2019/dsa-4371"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/106690"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f%40%3Cdevnull.infra.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00013.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00014.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20190125-0002/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3863-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3863-2/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.debian.org/security/2019/dsa-4371"
    }
  ],
  "sourceIdentifier": "security@debian.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-07-07 13:15
Modified
2024-11-21 07:05
Summary
curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a "malloc bomb", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors.
References
support@hackerone.comhttp://seclists.org/fulldisclosure/2022/Oct/28Mailing List, Third Party Advisory
support@hackerone.comhttp://seclists.org/fulldisclosure/2022/Oct/41Mailing List, Third Party Advisory
support@hackerone.comhttp://www.openwall.com/lists/oss-security/2023/02/15/3Mailing List, Third Party Advisory
support@hackerone.comhttps://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdfPatch, Third Party Advisory
support@hackerone.comhttps://hackerone.com/reports/1570651Exploit, Third Party Advisory
support@hackerone.comhttps://lists.debian.org/debian-lts-announce/2022/08/msg00017.htmlMailing List, Third Party Advisory
support@hackerone.comhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/Mailing List, Third Party Advisory
support@hackerone.comhttps://security.gentoo.org/glsa/202212-01Third Party Advisory
support@hackerone.comhttps://security.netapp.com/advisory/ntap-20220915-0003/Third Party Advisory
support@hackerone.comhttps://support.apple.com/kb/HT213488Third Party Advisory
support@hackerone.comhttps://www.debian.org/security/2022/dsa-5197Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2022/Oct/28Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2022/Oct/41Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2023/02/15/3Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdfPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://hackerone.com/reports/1570651Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2022/08/msg00017.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/202212-01Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20220915-0003/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.apple.com/kb/HT213488Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2022/dsa-5197Third Party Advisory



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C157D010-3A81-4AAE-8FB6-51B559AF29B2",
              "versionEndExcluding": "7.84.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
              "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FE996B1-6951-4F85-AA58-B99A379D2163",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "95BA156C-C977-4F0C-8DFB-3FAE9CC8C02D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:scalance_sc622-2c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "50FEE5FA-B141-4E5F-8673-363089262530",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:scalance_sc622-2c_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "21A75847-54F1-453A-82D7-B6D2CB2DE7AA",
              "versionEndExcluding": "3.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:scalance_sc626-2c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EAC3EE40-4398-4337-B40E-8AACDF225BBF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:scalance_sc626-2c_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECCD4A67-EA4B-47C7-83F8-5CCC18BC3C94",
              "versionEndExcluding": "3.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:scalance_sc632-2c_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E00E02E5-109C-44E7-8C20-BFEE7C739ADC",
              "versionEndExcluding": "3.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:scalance_sc632-2c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A79836B-5EC1-40AF-8A57-9657EF6758E5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:scalance_sc636-2c_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1BC85A6-386C-43E9-9266-50F8C53C7362",
              "versionEndExcluding": "3.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:scalance_sc636-2c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCB9BD17-7F1F-42E9-831F-EB907F9BC214",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:scalance_sc642-2c_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6ACE6C40-E0BB-4D65-A76E-BCCA262AF2FD",
              "versionEndExcluding": "3.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:scalance_sc642-2c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "10C7D54A-27B4-4195-8131-DD5380472A75",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:scalance_sc646-2c_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BFAB0B9-3C01-4066-B9CD-5A7C4A66AA3C",
              "versionEndExcluding": "3.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:scalance_sc646-2c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E54AF1E6-0E52-447C-8946-18716D30EBE2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5722E753-75DE-4944-A11B-556CB299B57D",
              "versionEndExcluding": "8.2.12",
              "versionStartIncluding": "8.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC0F9351-81A4-4FEA-B6B5-6E960A933D32",
              "versionEndExcluding": "9.0.6",
              "versionStartIncluding": "9.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EED24E67-2957-4C1B-8FEA-E2D2FE7B97FC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "curl \u003c 7.84.0 supports \"chained\" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable \"links\" in this \"decompression chain\" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a \"malloc bomb\", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors."
    },
    {
      "lang": "es",
      "value": "curl versiones anteriores a 7.84.0, soporta algoritmos de compresi\u00f3n HTTP \"encadenados\", lo que significa que una respuesta al servidor puede ser comprimida m\u00faltiples veces y potencialmente con diferentes algoritmos. El n\u00famero de \"eslabones\" aceptables en esta \"cadena de descompresi\u00f3n\" era ilimitado, lo que permit\u00eda a un servidor malicioso insertar un n\u00famero pr\u00e1cticamente ilimitado de pasos de compresi\u00f3n. El uso de una cadena de descompresi\u00f3n de este tipo pod\u00eda resultar en una \"bomba de malloc\", haciendo que curl acabara gastando enormes cantidades de memoria de mont\u00f3n asignada, o intentando y devolviendo errores de memoria"
    }
  ],
  "id": "CVE-2022-32206",
  "lastModified": "2024-11-21T07:05:55.120",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-07-07T13:15:08.340",
  "references": [
    {
      "source": "support@hackerone.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2022/Oct/28"
    },
    {
      "source": "support@hackerone.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2022/Oct/41"
    },
    {
      "source": "support@hackerone.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2023/02/15/3"
    },
    {
      "source": "support@hackerone.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf"
    },
    {
      "source": "support@hackerone.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://hackerone.com/reports/1570651"
    },
    {
      "source": "support@hackerone.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html"
    },
    {
      "source": "support@hackerone.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/"
    },
    {
      "source": "support@hackerone.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202212-01"
    },
    {
      "source": "support@hackerone.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20220915-0003/"
    },
    {
      "source": "support@hackerone.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.apple.com/kb/HT213488"
    },
    {
      "source": "support@hackerone.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5197"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2022/Oct/28"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2022/Oct/41"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2023/02/15/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://hackerone.com/reports/1570651"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202212-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20220915-0003/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.apple.com/kb/HT213488"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5197"
    }
  ],
  "sourceIdentifier": "support@hackerone.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-770"
        }
      ],
      "source": "support@hackerone.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-770"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-10-19 17:29
Modified
2024-11-21 03:05
Summary
Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
secalert_us@oracle.comhttp://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlPatch, Vendor Advisory
secalert_us@oracle.comhttp://www.securityfocus.com/bid/101382Broken Link
secalert_us@oracle.comhttp://www.securitytracker.com/id/1039596Broken Link
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:2998Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:2999Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3046Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3047Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3264Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3267Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3268Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3392Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3453Third Party Advisory
secalert_us@oracle.comhttps://lists.debian.org/debian-lts-announce/2017/11/msg00033.htmlMailing List, Third Party Advisory
secalert_us@oracle.comhttps://security.gentoo.org/glsa/201710-31Third Party Advisory
secalert_us@oracle.comhttps://security.gentoo.org/glsa/201711-14Third Party Advisory
secalert_us@oracle.comhttps://security.netapp.com/advisory/ntap-20171019-0001/Third Party Advisory
secalert_us@oracle.comhttps://www.debian.org/security/2017/dsa-4015Third Party Advisory
secalert_us@oracle.comhttps://www.debian.org/security/2017/dsa-4048Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/101382Broken Link
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1039596Broken Link
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2998Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2999Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3046Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3047Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3264Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3267Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3268Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3392Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3453Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2017/11/msg00033.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201710-31Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201711-14Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20171019-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2017/dsa-4015Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2017/dsa-4048Third Party Advisory
Impacted products
Vendor Product Version
oracle jdk 1.6.0
oracle jdk 1.7.0
oracle jdk 1.8.0
oracle jdk 1.9.0
oracle jre 1.6.0
oracle jre 1.7.0
oracle jre 1.8.0
oracle jre 1.9.0
debian debian_linux 7.0
debian debian_linux 8.0
debian debian_linux 9.0
redhat satellite 5.8
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_eus 7.4
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_server_tus 7.4
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_workstation 7.0
netapp active_iq_unified_manager *
netapp active_iq_unified_manager *
netapp cloud_backup -
netapp e-series_santricity_management_plug-ins -
netapp e-series_santricity_os_controller *
netapp e-series_santricity_storage_manager -
netapp e-series_santricity_web_services -
netapp element_software -
netapp oncommand_balance -
netapp oncommand_insight -
netapp oncommand_performance_manager -
netapp oncommand_shift -
netapp oncommand_unified_manager *
netapp oncommand_unified_manager *
netapp oncommand_unified_manager -
netapp oncommand_workflow_automation -
netapp plug-in_for_symantec_netbackup -
netapp snapmanager -
netapp snapmanager -
netapp steelstore_cloud_integrated_storage -
netapp storage_replication_adapter_for_clustered_data_ontap *
netapp storage_replication_adapter_for_clustered_data_ontap *
netapp vasa_provider_for_clustered_data_ontap *
netapp vasa_provider_for_clustered_data_ontap 6.0
netapp virtual_storage_console *
netapp virtual_storage_console 6.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update161:*:*:*:*:*:*",
              "matchCriteriaId": "7037AEF9-403D-43EC-ABBB-B46619241586",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update151:*:*:*:*:*:*",
              "matchCriteriaId": "B781F1F7-DE18-41F7-83C1-8690B0884DDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update144:*:*:*:*:*:*",
              "matchCriteriaId": "6D36F2A6-1329-4D74-BADC-C22D46CF7CFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "270968EC-7662-41E1-BA9B-D259BEC53A1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update161:*:*:*:*:*:*",
              "matchCriteriaId": "D53D6C3C-C8F3-4FF4-AE9C-1BFF14E74EDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update151:*:*:*:*:*:*",
              "matchCriteriaId": "71219100-B476-4062-A40A-13F1B8C7DAED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update144:*:*:*:*:*:*",
              "matchCriteriaId": "FCC055BA-0D21-4D2B-AC9B-B81B8468860C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "66910F84-DDFD-4BA8-BE7F-44EB5E3F9C3D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4F86C3C-B99C-44C6-97D7-163DC3F59687",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5F7E11E-FB34-4467-8919-2B6BEAABF665",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62",
              "versionStartIncluding": "7.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB",
              "versionStartIncluding": "9.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_management_plug-ins:-:*:*:*:*:vmware_vcenter:*:*",
              "matchCriteriaId": "280520BC-070C-4423-A633-E6FE45E53D57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "73F81EC3-4AB0-4CD7-B845-267C5974DE98",
              "versionEndIncluding": "11.70.1",
              "versionStartIncluding": "11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
              "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "698C6261-679D-45C1-A396-57AC96AD64D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BD81527-A341-42C3-9AB9-880D3DB04B08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*",
              "matchCriteriaId": "E32A4C2E-3DA6-4BE5-9D95-9F800B01ED9A",
              "versionEndIncluding": "7.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "1A79A7B7-2CE9-4F5E-B76D-01A882C66226",
              "versionEndIncluding": "7.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*",
              "matchCriteriaId": "3FA5E22C-489B-4C5F-A5F3-C03F45CA8811",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*",
              "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
              "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "6BF60DAD-DAA2-4543-B82E-8E17F7B1DA06",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "1E35D95E-CCBF-4335-A4DB-02218BA172DE",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "13270F58-E106-48CE-9933-E68AABBBFC21",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "923F6B82-6A8B-4994-89F6-C430775D5234",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "B7B42CB6-3C14-4183-AFA8-C3682F8B54AB",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "2AA40F7F-504D-47A9-9778-EC4CE46EB8BF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en los componentes JRockit y Java SE de Oracle Java SE (subcomponente: Serialization). Las versiones compatibles que se han visto afectadas son Java SE: 6u161, 7u151, 8u144 y 9; Java SE Embedded: 8u144. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante sin autenticar que tenga acceso a red por medio de m\u00faltiples protocolos comprometa la seguridad de Java SE JRockit. Los ataques exitosos a esta vulnerabilidad pueden dar lugar a que el atacante consiga provocar una denegaci\u00f3n de servicio parcial (DoS parcial) en Java SE, JRockit. Nota: Esta vulnerabilidad se aplica a implementaciones Java, normalmente en clientes que ejecutan aplicaciones Java Web Start en sandbox o applets Java en sandbox que cargan y ejecutan c\u00f3digo que no es de confianza (por ejemplo, c\u00f3digo proveniente de internet) y que conf\u00edan en la sandbox Java para protegerse. Esta vulnerabilidad no se aplica a implementaciones Java, normalmente en servidores, que solo cargan y ejecutan c\u00f3digo de confianza (por ejemplo, c\u00f3digo instalado por un administrador). CVSS 3.0 Base Score 5.3 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
    }
  ],
  "id": "CVE-2017-10347",
  "lastModified": "2024-11-21T03:05:58.563",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-10-19T17:29:04.060",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/bid/101382"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securitytracker.com/id/1039596"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2998"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2999"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3046"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3047"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3264"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3267"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3268"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3392"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3453"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201710-31"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201711-14"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20171019-0001/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2017/dsa-4015"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2017/dsa-4048"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/bid/101382"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securitytracker.com/id/1039596"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2998"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2999"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3046"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3047"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3264"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3267"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3268"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3392"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3453"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201710-31"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201711-14"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20171019-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2017/dsa-4015"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2017/dsa-4048"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-10-19 17:29
Modified
2024-11-21 03:05
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
secalert_us@oracle.comhttp://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlPatch, Vendor Advisory
secalert_us@oracle.comhttp://www.securityfocus.com/bid/101369Broken Link
secalert_us@oracle.comhttp://www.securitytracker.com/id/1039596Broken Link
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:2998Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:2999Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3046Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3047Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3264Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3267Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3268Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3392Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3453Third Party Advisory
secalert_us@oracle.comhttps://lists.debian.org/debian-lts-announce/2017/11/msg00033.htmlMailing List, Third Party Advisory
secalert_us@oracle.comhttps://security.gentoo.org/glsa/201710-31Third Party Advisory
secalert_us@oracle.comhttps://security.gentoo.org/glsa/201711-14Third Party Advisory
secalert_us@oracle.comhttps://security.netapp.com/advisory/ntap-20171019-0001/Third Party Advisory
secalert_us@oracle.comhttps://www.debian.org/security/2017/dsa-4015Third Party Advisory
secalert_us@oracle.comhttps://www.debian.org/security/2017/dsa-4048Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/101369Broken Link
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1039596Broken Link
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2998Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2999Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3046Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3047Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3264Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3267Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3268Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3392Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3453Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2017/11/msg00033.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201710-31Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201711-14Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20171019-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2017/dsa-4015Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2017/dsa-4048Third Party Advisory
Impacted products
Vendor Product Version
oracle jdk 1.6.0
oracle jdk 1.7.0
oracle jdk 1.8.0
oracle jdk 1.9.0
oracle jre 1.6.0
oracle jre 1.7.0
oracle jre 1.8.0
oracle jre 1.9.0
oracle jrockit r28.3.15
redhat satellite 5.8
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_eus 7.4
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_server_tus 7.4
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_workstation 7.0
netapp active_iq_unified_manager *
netapp active_iq_unified_manager *
netapp cloud_backup -
netapp e-series_santricity_management_plug-ins -
netapp e-series_santricity_os_controller *
netapp e-series_santricity_storage_manager -
netapp e-series_santricity_web_services -
netapp element_software -
netapp oncommand_balance -
netapp oncommand_insight -
netapp oncommand_performance_manager -
netapp oncommand_shift -
netapp oncommand_unified_manager *
netapp oncommand_unified_manager *
netapp oncommand_unified_manager -
netapp oncommand_workflow_automation -
netapp plug-in_for_symantec_netbackup -
netapp snapmanager -
netapp snapmanager -
netapp steelstore_cloud_integrated_storage -
netapp storage_replication_adapter_for_clustered_data_ontap *
netapp storage_replication_adapter_for_clustered_data_ontap *
netapp vasa_provider_for_clustered_data_ontap *
netapp vasa_provider_for_clustered_data_ontap 6.0
netapp virtual_storage_console *
netapp virtual_storage_console 6.0
debian debian_linux 7.0
debian debian_linux 8.0
debian debian_linux 9.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update161:*:*:*:*:*:*",
              "matchCriteriaId": "7037AEF9-403D-43EC-ABBB-B46619241586",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update151:*:*:*:*:*:*",
              "matchCriteriaId": "B781F1F7-DE18-41F7-83C1-8690B0884DDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update144:*:*:*:*:*:*",
              "matchCriteriaId": "6D36F2A6-1329-4D74-BADC-C22D46CF7CFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "270968EC-7662-41E1-BA9B-D259BEC53A1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update161:*:*:*:*:*:*",
              "matchCriteriaId": "D53D6C3C-C8F3-4FF4-AE9C-1BFF14E74EDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update151:*:*:*:*:*:*",
              "matchCriteriaId": "71219100-B476-4062-A40A-13F1B8C7DAED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update144:*:*:*:*:*:*",
              "matchCriteriaId": "FCC055BA-0D21-4D2B-AC9B-B81B8468860C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "66910F84-DDFD-4BA8-BE7F-44EB5E3F9C3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jrockit:r28.3.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "66CB92D2-A529-4912-9D59-40EAC3F5D674",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4F86C3C-B99C-44C6-97D7-163DC3F59687",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5F7E11E-FB34-4467-8919-2B6BEAABF665",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62",
              "versionStartIncluding": "7.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB",
              "versionStartIncluding": "9.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_management_plug-ins:-:*:*:*:*:vmware_vcenter:*:*",
              "matchCriteriaId": "280520BC-070C-4423-A633-E6FE45E53D57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "73F81EC3-4AB0-4CD7-B845-267C5974DE98",
              "versionEndIncluding": "11.70.1",
              "versionStartIncluding": "11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
              "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "698C6261-679D-45C1-A396-57AC96AD64D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BD81527-A341-42C3-9AB9-880D3DB04B08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*",
              "matchCriteriaId": "E32A4C2E-3DA6-4BE5-9D95-9F800B01ED9A",
              "versionEndIncluding": "7.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "1A79A7B7-2CE9-4F5E-B76D-01A882C66226",
              "versionEndIncluding": "7.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*",
              "matchCriteriaId": "3FA5E22C-489B-4C5F-A5F3-C03F45CA8811",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*",
              "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
              "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "6BF60DAD-DAA2-4543-B82E-8E17F7B1DA06",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "1E35D95E-CCBF-4335-A4DB-02218BA172DE",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "13270F58-E106-48CE-9933-E68AABBBFC21",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "923F6B82-6A8B-4994-89F6-C430775D5234",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "B7B42CB6-3C14-4183-AFA8-C3682F8B54AB",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "2AA40F7F-504D-47A9-9778-EC4CE46EB8BF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en los componentes Java SE, Java SE Embedded y JRockit de Oracle Java SE (subcomponente: Networking). Las versiones compatibles que se han visto afectadas son Java SE: 6u161, 7u151, 8u144 y 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante sin autenticar que tenga acceso a red por m\u00faltiples protocolos comprometa la seguridad de Java SE, Java SE Embedded y JRockit. Los ataques exitosos a esta vulnerabilidad pueden dar lugar a la capacidad no autorizada de provocar una denegaci\u00f3n de servicio parcial (DoS parcial) en Java SE, Java SE Embedded y JRockit. Nota: Esta vulnerabilidad puede ser explotada mediante aplicaciones Java Web Start en sandbox y applets Java en sandbox. Tambi\u00e9n puede ser explotada proporcionando datos a las API en los componentes especificados sin emplear aplicaciones Java Web Start o applets Java en sandbox, como a trav\u00e9s de un servicio web. CVSS 3.0 Base Score 5.3 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
    }
  ],
  "id": "CVE-2017-10355",
  "lastModified": "2024-11-21T03:05:59.977",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-10-19T17:29:04.343",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/bid/101369"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securitytracker.com/id/1039596"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2998"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2999"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3046"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3047"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3264"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3267"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3268"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3392"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3453"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201710-31"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201711-14"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20171019-0001/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2017/dsa-4015"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2017/dsa-4048"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/bid/101369"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securitytracker.com/id/1039596"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2998"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2999"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3046"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3047"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3264"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3267"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3268"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3392"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3453"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201710-31"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201711-14"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20171019-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2017/dsa-4015"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2017/dsa-4048"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-01-10 21:29
Modified
2024-11-21 04:01
Summary
In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.
References
cve@mitre.orghttp://www.securityfocus.com/bid/106531Broken Link
cve@mitre.orghttps://access.redhat.com/errata/RHSA-2019:3702Third Party Advisory
cve@mitre.orghttps://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdfPatch, Third Party Advisory
cve@mitre.orghttps://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/scp.c.diff?r1=1.197&r2=1.198&f=hPatch
cve@mitre.orghttps://github.com/openssh/openssh-portable/commit/6010c0303a422a9c5fa8860c061bf7105eb7f8b2Patch
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2019/03/msg00030.htmlMailing List, Third Party Advisory
cve@mitre.orghttps://security.gentoo.org/glsa/201903-16Third Party Advisory
cve@mitre.orghttps://security.gentoo.org/glsa/202007-53Third Party Advisory
cve@mitre.orghttps://security.netapp.com/advisory/ntap-20190215-0001/Third Party Advisory
cve@mitre.orghttps://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txtPatch, Third Party Advisory
cve@mitre.orghttps://usn.ubuntu.com/3885-1/Third Party Advisory
cve@mitre.orghttps://www.debian.org/security/2019/dsa-4387Third Party Advisory
cve@mitre.orghttps://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/106531Broken Link
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2019:3702Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdfPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/scp.c.diff?r1=1.197&r2=1.198&f=hPatch
af854a3a-2127-422b-91ae-364da2661108https://github.com/openssh/openssh-portable/commit/6010c0303a422a9c5fa8860c061bf7105eb7f8b2Patch
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2019/03/msg00030.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201903-16Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/202007-53Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20190215-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txtPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3885-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2019/dsa-4387Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.htmlPatch, Third Party Advisory
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "52D09A55-B853-43B5-8397-E2AC6CD0EBBC",
              "versionEndIncluding": "7.9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:winscp:winscp:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D0A98E2-B715-4EF5-9CF8-07500E119271",
              "versionEndIncluding": "5.13",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:ontap_select_deploy:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E968916-8CE0-4165-851F-14E37ECEA948",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B7A6697-98CC-4E36-93DB-B7160F8399F9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "92BC9265-6959-4D37-BE5E-8C45E98992F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "831F0F47-3565-4763-B16F-C87B1FF2035E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E3F09B5-569F-4C58-9FCA-3C0953D107B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C3741B8-851F-475D-B428-523F4F722350",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6897676D-53F9-45B3-B27F-7FF9A4C58D33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E28F226A-CBC7-4A32-BE58-398FA5B42481",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "76C24D94-834A-4E9D-8F73-624AFA99AAA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B09ACF2D-D83F-4A86-8185-9569605D8EE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC10D919-57FD-4725-B8D2-39ECB476902F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1272DF03-7674-4BD4-8E64-94004B195448",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*",
              "matchCriteriaId": "964B57CD-CB8A-4520-B358-1C93EC5EF2DC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "271CACEB-10F5-4CA8-9C99-3274F18EE62D",
              "versionEndExcluding": "xcp2361",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:fujitsu:m10-1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "983D27DE-BC89-454E-AE47-95A26A3651E2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "433EEE1B-134C-48F9-8688-23C5F1ABBF0F",
              "versionEndExcluding": "xcp2361",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:fujitsu:m10-4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5825AEE1-B668-40BD-86A9-2799430C742C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "47FFEE5C-5DAE-4FAD-9651-7983DE092120",
              "versionEndExcluding": "xcp2361",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DA2D526-BDCF-4A65-914A-B3BA3A0CD613",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FD8BD3B-C35B-4C44-B5A1-FA4646ACB374",
              "versionEndExcluding": "xcp2361",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:fujitsu:m12-1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE0CF40B-E5BD-4558-9321-184D58EF621D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "66D6EF49-7094-41D9-BDF5-AE5846E37418",
              "versionEndExcluding": "xcp2361",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:fujitsu:m12-2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F3C9C09-7B2B-4DB6-8BE0-35302ED35776",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6593DA00-EE33-4223-BEAE-8DC629E79287",
              "versionEndExcluding": "xcp2361",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:fujitsu:m12-2s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "95503CE5-1D06-4092-A60D-D310AADCAFB1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "67E048EC-4A4F-4F0A-B0B5-F234700293DA",
              "versionEndExcluding": "xcp3070",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:fujitsu:m10-1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "983D27DE-BC89-454E-AE47-95A26A3651E2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF6FAFAE-EBA5-43D2-9CA8-ECF3DD3B285E",
              "versionEndExcluding": "xcp3070",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:fujitsu:m10-4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5825AEE1-B668-40BD-86A9-2799430C742C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "665502CB-FCC8-4619-B673-408F7190252A",
              "versionEndExcluding": "xcp3070",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DA2D526-BDCF-4A65-914A-B3BA3A0CD613",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "665502CB-FCC8-4619-B673-408F7190252A",
              "versionEndExcluding": "xcp3070",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DA2D526-BDCF-4A65-914A-B3BA3A0CD613",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "483F5457-7E06-46F3-A808-194289B98AFF",
              "versionEndExcluding": "xcp3070",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:fujitsu:m12-1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE0CF40B-E5BD-4558-9321-184D58EF621D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5644E3E-941A-429A-9AFB-C1023659C1C2",
              "versionEndExcluding": "xcp3070",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:fujitsu:m12-2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F3C9C09-7B2B-4DB6-8BE0-35302ED35776",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C1318DD-6AF4-490D-A4AE-079BA544EF8F",
              "versionEndExcluding": "xcp3070",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:fujitsu:m12-2s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "95503CE5-1D06-4092-A60D-D310AADCAFB1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:scalance_x204rna_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D3A0312-1249-4257-98F1-57E8959989C5",
              "versionEndExcluding": "3.2.7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:scalance_x204rna:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA8B483F-0FD2-49F8-A86A-672A6E007949",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:scalance_x204rna_eec_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC0C9671-47BB-43CB-8906-9BC2B86B3229",
              "versionEndExcluding": "3.2.7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:scalance_x204rna_eec:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C834C295-D600-44E8-9783-49A319084F5A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side."
    },
    {
      "lang": "es",
      "value": "En OpenSSH 7.9, scp.c en el cliente scp permite que los servidores SSH omitan las restricciones de acceso planeadas mediante un nombre de archivo \".\" o un nombre de archivo vac\u00edo. El impacto consiste en modificar los permisos del directorio objetivo en el lado del cliente."
    }
  ],
  "id": "CVE-2018-20685",
  "lastModified": "2024-11-21T04:01:59.800",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.6,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-01-10T21:29:00.377",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/bid/106531"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:3702"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/scp.c.diff?r1=1.197\u0026r2=1.198\u0026f=h"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/openssh/openssh-portable/commit/6010c0303a422a9c5fa8860c061bf7105eb7f8b2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201903-16"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202007-53"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20190215-0001/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3885-1/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2019/dsa-4387"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/bid/106531"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:3702"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/scp.c.diff?r1=1.197\u0026r2=1.198\u0026f=h"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/openssh/openssh-portable/commit/6010c0303a422a9c5fa8860c061bf7105eb7f8b2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201903-16"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202007-53"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20190215-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3885-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2019/dsa-4387"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-863"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-10-19 17:29
Modified
2024-11-21 03:05
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L).
References
secalert_us@oracle.comhttp://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlPatch, Vendor Advisory
secalert_us@oracle.comhttp://www.securityfocus.com/bid/101396Broken Link
secalert_us@oracle.comhttp://www.securitytracker.com/id/1039596Broken Link
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:2998Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:2999Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3046Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3047Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3264Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3267Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3268Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3392Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3453Third Party Advisory
secalert_us@oracle.comhttps://lists.debian.org/debian-lts-announce/2017/11/msg00033.htmlMailing List, Third Party Advisory
secalert_us@oracle.comhttps://security.gentoo.org/glsa/201710-31Third Party Advisory
secalert_us@oracle.comhttps://security.gentoo.org/glsa/201711-14Third Party Advisory
secalert_us@oracle.comhttps://security.netapp.com/advisory/ntap-20171019-0001/Third Party Advisory
secalert_us@oracle.comhttps://www.debian.org/security/2017/dsa-4015Third Party Advisory
secalert_us@oracle.comhttps://www.debian.org/security/2017/dsa-4048Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/101396Broken Link
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1039596Broken Link
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2998Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2999Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3046Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3047Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3264Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3267Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3268Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3392Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3453Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2017/11/msg00033.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201710-31Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201711-14Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20171019-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2017/dsa-4015Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2017/dsa-4048Third Party Advisory
Impacted products
Vendor Product Version
oracle jdk 1.6.0
oracle jdk 1.7.0
oracle jdk 1.8.0
oracle jdk 1.9.0
oracle jre 1.6.0
oracle jre 1.7.0
oracle jre 1.8.0
oracle jre 1.9.0
oracle jrockit r28.3.15
debian debian_linux 7.0
debian debian_linux 8.0
debian debian_linux 9.0
redhat satellite 5.8
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_eus 7.4
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_server_tus 7.4
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_workstation 7.0
netapp active_iq_unified_manager *
netapp active_iq_unified_manager *
netapp cloud_backup -
netapp e-series_santricity_management_plug-ins -
netapp e-series_santricity_os_controller *
netapp e-series_santricity_storage_manager -
netapp e-series_santricity_web_services -
netapp element_software -
netapp oncommand_balance -
netapp oncommand_insight -
netapp oncommand_performance_manager -
netapp oncommand_shift -
netapp oncommand_unified_manager *
netapp oncommand_unified_manager *
netapp oncommand_unified_manager -
netapp oncommand_workflow_automation -
netapp plug-in_for_symantec_netbackup -
netapp snapmanager -
netapp snapmanager -
netapp steelstore_cloud_integrated_storage -
netapp storage_replication_adapter_for_clustered_data_ontap *
netapp storage_replication_adapter_for_clustered_data_ontap *
netapp vasa_provider_for_clustered_data_ontap *
netapp vasa_provider_for_clustered_data_ontap 6.0
netapp virtual_storage_console *
netapp virtual_storage_console 6.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update161:*:*:*:*:*:*",
              "matchCriteriaId": "7037AEF9-403D-43EC-ABBB-B46619241586",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update151:*:*:*:*:*:*",
              "matchCriteriaId": "B781F1F7-DE18-41F7-83C1-8690B0884DDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update144:*:*:*:*:*:*",
              "matchCriteriaId": "6D36F2A6-1329-4D74-BADC-C22D46CF7CFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "270968EC-7662-41E1-BA9B-D259BEC53A1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update161:*:*:*:*:*:*",
              "matchCriteriaId": "D53D6C3C-C8F3-4FF4-AE9C-1BFF14E74EDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update151:*:*:*:*:*:*",
              "matchCriteriaId": "71219100-B476-4062-A40A-13F1B8C7DAED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update144:*:*:*:*:*:*",
              "matchCriteriaId": "FCC055BA-0D21-4D2B-AC9B-B81B8468860C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "66910F84-DDFD-4BA8-BE7F-44EB5E3F9C3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jrockit:r28.3.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "66CB92D2-A529-4912-9D59-40EAC3F5D674",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4F86C3C-B99C-44C6-97D7-163DC3F59687",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5F7E11E-FB34-4467-8919-2B6BEAABF665",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62",
              "versionStartIncluding": "7.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB",
              "versionStartIncluding": "9.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_management_plug-ins:-:*:*:*:*:vmware_vcenter:*:*",
              "matchCriteriaId": "280520BC-070C-4423-A633-E6FE45E53D57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "73F81EC3-4AB0-4CD7-B845-267C5974DE98",
              "versionEndIncluding": "11.70.1",
              "versionStartIncluding": "11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
              "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "698C6261-679D-45C1-A396-57AC96AD64D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BD81527-A341-42C3-9AB9-880D3DB04B08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*",
              "matchCriteriaId": "E32A4C2E-3DA6-4BE5-9D95-9F800B01ED9A",
              "versionEndIncluding": "7.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "1A79A7B7-2CE9-4F5E-B76D-01A882C66226",
              "versionEndIncluding": "7.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*",
              "matchCriteriaId": "3FA5E22C-489B-4C5F-A5F3-C03F45CA8811",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*",
              "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
              "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "6BF60DAD-DAA2-4543-B82E-8E17F7B1DA06",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "1E35D95E-CCBF-4335-A4DB-02218BA172DE",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "13270F58-E106-48CE-9933-E68AABBBFC21",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "923F6B82-6A8B-4994-89F6-C430775D5234",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "B7B42CB6-3C14-4183-AFA8-C3682F8B54AB",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "2AA40F7F-504D-47A9-9778-EC4CE46EB8BF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en los componentes Java SE, Java SE Embedded y JRockit de Oracle Java SE (subcomponente: Serialization). Las versiones compatibles que se han visto afectadas son Java SE: 6u161, 7u151, 8u144 y 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Una vulnerabilidad dif\u00edcilmente explotable permite que un atacante sin autenticar que tenga acceso a red por m\u00faltiples protocolos comprometa la seguridad de Java SE, Java SE Embedded y JRockit. Para que los ataques tengan \u00e9xito, se necesita la participaci\u00f3n de otra persona diferente del atacante. Los ataques exitosos a esta vulnerabilidad pueden dar lugar a que el atacante consiga provocar una denegaci\u00f3n de servicio parcial (DoS parcial) en Java SE, Java SE Embedded y JRockit. Nota: Esta vulnerabilidad puede ser explotada mediante aplicaciones Java Web Start en sandbox y applets Java en sandbox. Tambi\u00e9n puede ser explotada proporcionando datos a las API en los componentes especificados sin emplear aplicaciones Java Web Start o applets Java en sandbox, como a trav\u00e9s de un servicio web. CVSS 3.0 Base Score 3.1 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L)."
    }
  ],
  "id": "CVE-2017-10345",
  "lastModified": "2024-11-21T03:05:58.137",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 2.6,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 3.1,
          "baseSeverity": "LOW",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-10-19T17:29:03.997",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/bid/101396"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securitytracker.com/id/1039596"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2998"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2999"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3046"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3047"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3264"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3267"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3268"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3392"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3453"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201710-31"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201711-14"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20171019-0001/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2017/dsa-4015"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2017/dsa-4048"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/bid/101396"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securitytracker.com/id/1039596"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2998"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2999"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3046"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3047"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3264"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3267"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3268"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3392"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3453"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201710-31"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201711-14"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20171019-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2017/dsa-4015"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2017/dsa-4048"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-08-08 15:29
Modified
2024-11-21 03:05
Severity ?
Summary
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H).
References
secalert_us@oracle.comhttp://www.debian.org/security/2017/dsa-3919Third Party Advisory
secalert_us@oracle.comhttp://www.debian.org/security/2017/dsa-3954Third Party Advisory
secalert_us@oracle.comhttp://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlPatch, Vendor Advisory
secalert_us@oracle.comhttp://www.securityfocus.com/bid/99712Broken Link
secalert_us@oracle.comhttp://www.securitytracker.com/id/1038931Broken Link
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:1789Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:1790Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:1791Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:1792Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:2424Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:2469Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:2481Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:2530Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3453Third Party Advisory
secalert_us@oracle.comhttps://cert.vde.com/en-us/advisories/vde-2017-002Third Party Advisory
secalert_us@oracle.comhttps://security.gentoo.org/glsa/201709-22Third Party Advisory
secalert_us@oracle.comhttps://security.netapp.com/advisory/ntap-20170720-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2017/dsa-3919Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2017/dsa-3954Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/99712Broken Link
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1038931Broken Link
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1789Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1790Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1791Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1792Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2424Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2469Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2481Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2530Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3453Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://cert.vde.com/en-us/advisories/vde-2017-002Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201709-22Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20170720-0001/Third Party Advisory
Impacted products
Vendor Product Version
oracle jdk 1.6.0
oracle jdk 1.7.0
oracle jdk 1.8.0
oracle jre 1.6.0
oracle jre 1.7.0
oracle jre 1.8.0
debian debian_linux 8.0
debian debian_linux 9.0
phoenixcontact fl_mguard_dm *
netapp active_iq_unified_manager *
netapp active_iq_unified_manager *
netapp cloud_backup -
netapp e-series_santricity_os_controller *
netapp e-series_santricity_storage_manager -
netapp element_software -
netapp oncommand_balance -
netapp oncommand_insight -
netapp oncommand_performance_manager -
netapp oncommand_shift -
netapp oncommand_unified_manager *
netapp oncommand_unified_manager *
netapp oncommand_unified_manager -
netapp plug-in_for_symantec_netbackup -
netapp snapmanager -
netapp snapmanager -
netapp steelstore_cloud_integrated_storage -
netapp storage_replication_adapter_for_clustered_data_ontap *
netapp storage_replication_adapter_for_clustered_data_ontap 9.6
netapp vasa_provider_for_clustered_data_ontap *
netapp vasa_provider_for_clustered_data_ontap 6.0
netapp virtual_storage_console *
netapp virtual_storage_console 6.0
redhat satellite 5.8
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_eus 7.3
redhat enterprise_linux_eus 7.4
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_aus 7.3
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_server_tus 7.3
redhat enterprise_linux_server_tus 7.4
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_workstation 7.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update151:*:*:*:*:*:*",
              "matchCriteriaId": "A3322D72-6B56-467E-90E5-5DCE0FA1F431",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update141:*:*:*:*:*:*",
              "matchCriteriaId": "C4D0E043-D34F-446D-879B-692E3CF500C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update131:*:*:*:*:*:*",
              "matchCriteriaId": "106E9F69-857A-42F8-A727-2650C896D3B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update151:*:*:*:*:*:*",
              "matchCriteriaId": "673DD72C-4FC8-406A-A24A-B06DD709649C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update141:*:*:*:*:*:*",
              "matchCriteriaId": "363C8E7E-2EEA-4308-A141-854B9EC17AAB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update131:*:*:*:*:*:*",
              "matchCriteriaId": "595FC4B7-418E-457C-ADCC-0A49A676D629",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:phoenixcontact:fl_mguard_dm:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8556AADE-54E7-4D1B-A5AB-D37EF3B4962E",
              "versionEndIncluding": "1.8.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62",
              "versionStartIncluding": "7.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB",
              "versionStartIncluding": "9.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "73F81EC3-4AB0-4CD7-B845-267C5974DE98",
              "versionEndIncluding": "11.70.1",
              "versionStartIncluding": "11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "698C6261-679D-45C1-A396-57AC96AD64D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BD81527-A341-42C3-9AB9-880D3DB04B08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*",
              "matchCriteriaId": "E32A4C2E-3DA6-4BE5-9D95-9F800B01ED9A",
              "versionEndIncluding": "7.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "1A79A7B7-2CE9-4F5E-B76D-01A882C66226",
              "versionEndIncluding": "7.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*",
              "matchCriteriaId": "3FA5E22C-489B-4C5F-A5F3-C03F45CA8811",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*",
              "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
              "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "1E35D95E-CCBF-4335-A4DB-02218BA172DE",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:9.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4022E33-B50C-4B0D-8485-F9091B6E57E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "13270F58-E106-48CE-9933-E68AABBBFC21",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "923F6B82-6A8B-4994-89F6-C430775D5234",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "B7B42CB6-3C14-4183-AFA8-C3682F8B54AB",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "2AA40F7F-504D-47A9-9778-EC4CE46EB8BF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4F86C3C-B99C-44C6-97D7-163DC3F59687",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "807C024A-F8E8-4B48-A349-4C68CD252CA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5F7E11E-FB34-4467-8919-2B6BEAABF665",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en los componentes Java SE y Java SE Embedded de Oracle Java SE (subcomponente: RMI). Las versiones compatibles que se han visto afectadas son JavaSE: 6u151, 7u141 y 8u131; Java SE Embedded: 8u131. Una vulnerabilidad dif\u00edcilmente explotable permite que un atacante sin autenticar que tenga acceso a red mediante m\u00faltiples protocolos comprometa la seguridad de Java SE y Java SE Embedded. Aunque la vulnerabilidad est\u00e1 presente en Java SE y Java SE Embedded, los ataques podr\u00edan afectar seriamente a productos adicionales. Los ataques exitosos a esta vulnerabilidad pueden resultar en la toma de control de Java SE y Java SE Embedded. Nota: Esta vulnerabilidad s\u00f3lo puede ser explotada proporcionando datos a las API en los Componentes especificados sin emplear aplicaciones Java Web Start que no son de confianza o applets Java que no son de confianza, como a trav\u00e9s de un servicio web. CVSS 3.0 Base Score 9.0 (impactos en la confidencialidad, integridad y disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)."
    }
  ],
  "id": "CVE-2017-10102",
  "lastModified": "2024-11-21T03:05:22.527",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.0,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 6.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-08-08T15:29:03.320",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-3919"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-3954"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/bid/99712"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securitytracker.com/id/1038931"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1789"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1790"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1791"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1792"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2424"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2469"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2481"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2530"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3453"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert.vde.com/en-us/advisories/vde-2017-002"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201709-22"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-3919"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-3954"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/bid/99712"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securitytracker.com/id/1038931"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1789"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1790"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1791"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1792"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2424"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2469"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2481"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2530"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3453"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert.vde.com/en-us/advisories/vde-2017-002"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201709-22"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-08-16 02:15
Modified
2024-11-21 04:28
Summary
drivers/net/wireless/ath/ath6kl/usb.c in the Linux kernel through 5.2.9 has a NULL pointer dereference via an incomplete address in an endpoint descriptor.
References
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.htmlThird Party Advisory, VDB Entry
cve@mitre.orghttp://www.openwall.com/lists/oss-security/2019/09/27/1Mailing List, Third Party Advisory
cve@mitre.orghttp://www.openwall.com/lists/oss-security/2019/09/27/2Mailing List, Third Party Advisory
cve@mitre.orghttp://www.openwall.com/lists/oss-security/2019/09/27/3Mailing List, Third Party Advisory
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2020/01/msg00013.htmlMailing List, Third Party Advisory
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2020/03/msg00001.htmlMailing List, Third Party Advisory
cve@mitre.orghttps://lore.kernel.org/linux-wireless/20190804002905.11292-1-benquike%40gmail.com/T/#u
cve@mitre.orghttps://seclists.org/bugtraq/2019/Nov/11Broken Link, Mailing List, Third Party Advisory
cve@mitre.orghttps://security.netapp.com/advisory/ntap-20190905-0002/Third Party Advisory
cve@mitre.orghttps://support.f5.com/csp/article/K61214359Third Party Advisory
cve@mitre.orghttps://support.f5.com/csp/article/K61214359?utm_source=f5support&amp%3Butm_medium=RSS
cve@mitre.orghttps://usn.ubuntu.com/4184-1/Third Party Advisory
cve@mitre.orghttps://usn.ubuntu.com/4185-1/Third Party Advisory
cve@mitre.orghttps://usn.ubuntu.com/4186-1/Third Party Advisory
cve@mitre.orghttps://usn.ubuntu.com/4186-2/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.htmlThird Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2019/09/27/1Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2019/09/27/2Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2019/09/27/3Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2020/01/msg00013.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2020/03/msg00001.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lore.kernel.org/linux-wireless/20190804002905.11292-1-benquike%40gmail.com/T/#u
af854a3a-2127-422b-91ae-364da2661108https://seclists.org/bugtraq/2019/Nov/11Broken Link, Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20190905-0002/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.f5.com/csp/article/K61214359Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.f5.com/csp/article/K61214359?utm_source=f5support&amp%3Butm_medium=RSS
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/4184-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/4185-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/4186-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/4186-2/Third Party Advisory



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A90662CD-A064-48C3-9A43-3B1AFCFAD2E9",
              "versionEndIncluding": "5.2.9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_performance_analytics_services:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "83077160-BB98-408B-81F0-8EF9E566BF28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB",
              "versionStartIncluding": "9.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:data_availability_services:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EF46487-B64A-454E-AECC-D74B83170ACD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "drivers/net/wireless/ath/ath6kl/usb.c in the Linux kernel through 5.2.9 has a NULL pointer dereference via an incomplete address in an endpoint descriptor."
    },
    {
      "lang": "es",
      "value": "El archivo drivers/net/wireless/ath/ath6kl/usb.c en el kernel de Linux versiones hasta 5.2.9 presenta una desreferencia del puntero NULL mediante una direcci\u00f3n incompleta en un descriptor de endpoint."
    }
  ],
  "id": "CVE-2019-15098",
  "lastModified": "2024-11-21T04:28:02.770",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 4.9,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "PHYSICAL",
          "availabilityImpact": "HIGH",
          "baseScore": 4.6,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-08-16T02:15:11.393",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2019/09/27/1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2019/09/27/2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2019/09/27/3"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lore.kernel.org/linux-wireless/20190804002905.11292-1-benquike%40gmail.com/T/#u"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2019/Nov/11"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20190905-0002/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.f5.com/csp/article/K61214359"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://support.f5.com/csp/article/K61214359?utm_source=f5support\u0026amp%3Butm_medium=RSS"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4184-1/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4185-1/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4186-1/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4186-2/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2019/09/27/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2019/09/27/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2019/09/27/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lore.kernel.org/linux-wireless/20190804002905.11292-1-benquike%40gmail.com/T/#u"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2019/Nov/11"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20190905-0002/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.f5.com/csp/article/K61214359"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://support.f5.com/csp/article/K61214359?utm_source=f5support\u0026amp%3Butm_medium=RSS"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4184-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4185-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4186-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4186-2/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-476"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-09-19 09:29
Modified
2024-11-21 03:54
Summary
An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations.
References
cve@mitre.orghttp://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7a9cdebdcc17e426fb5287e4a82db1dfe86339b2Patch, Third Party Advisory
cve@mitre.orghttp://www.securityfocus.com/bid/105417Third Party Advisory, VDB Entry
cve@mitre.orghttp://www.securityfocus.com/bid/106503Third Party Advisory, VDB Entry
cve@mitre.orghttp://www.securitytracker.com/id/1041748Patch, Third Party Advisory, VDB Entry
cve@mitre.orghttps://access.redhat.com/errata/RHSA-2018:3656Third Party Advisory
cve@mitre.orghttps://github.com/torvalds/linux/commit/7a9cdebdcc17e426fb5287e4a82db1dfe86339b2Patch, Vendor Advisory
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2018/10/msg00003.htmlThird Party Advisory
cve@mitre.orghttps://security.netapp.com/advisory/ntap-20190204-0001/Patch, Third Party Advisory
cve@mitre.orghttps://usn.ubuntu.com/3776-1/Third Party Advisory
cve@mitre.orghttps://usn.ubuntu.com/3776-2/Third Party Advisory
cve@mitre.orghttps://usn.ubuntu.com/3777-1/Third Party Advisory
cve@mitre.orghttps://usn.ubuntu.com/3777-2/Third Party Advisory
cve@mitre.orghttps://usn.ubuntu.com/3777-3/Third Party Advisory
cve@mitre.orghttps://www.debian.org/security/2018/dsa-4308Third Party Advisory
cve@mitre.orghttps://www.exploit-db.com/exploits/45497/Exploit, Third Party Advisory, VDB Entry
cve@mitre.orghttps://www.openwall.com/lists/oss-security/2018/09/18/4Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7a9cdebdcc17e426fb5287e4a82db1dfe86339b2Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/105417Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/106503Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1041748Patch, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:3656Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/torvalds/linux/commit/7a9cdebdcc17e426fb5287e4a82db1dfe86339b2Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2018/10/msg00003.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20190204-0001/Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3776-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3776-2/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3777-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3777-2/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3777-3/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2018/dsa-4308Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.exploit-db.com/exploits/45497/Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://www.openwall.com/lists/oss-security/2018/09/18/4Mailing List, Third Party Advisory



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACCD57BD-57A5-4BEA-A884-2A21E7B92EBA",
              "versionEndExcluding": "3.16.58",
              "versionStartIncluding": "3.16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8AB84BB-69BD-43DB-9CE3-0381B1FC862C",
              "versionEndExcluding": "3.18.123",
              "versionStartIncluding": "3.17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DE38E54-E821-4DB3-86DA-E6DCDD4361E0",
              "versionEndExcluding": "4.4.157",
              "versionStartIncluding": "3.19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "139B519B-2681-4096-A1CE-2CF58E0CE274",
              "versionEndExcluding": "4.9.128",
              "versionStartIncluding": "4.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8C1C6C9-9654-4BB7-9908-EFC7BA9040E8",
              "versionEndExcluding": "4.14.71",
              "versionStartIncluding": "4.10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F765B15-BD3A-4C48-984C-05084867A943",
              "versionEndExcluding": "4.18.9",
              "versionStartIncluding": "4.15",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_performance_analytics_services:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "83077160-BB98-408B-81F0-8EF9E566BF28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations."
    },
    {
      "lang": "es",
      "value": "Se ha descubierto un problema en el kernel de Linux hasta la versi\u00f3n 4.18.8. La funci\u00f3n vmacache_flush_all en mm/vmacache.c manipula incorrectamente los desbordamientos de n\u00fameros de secuencias. Un atacante puede desencadenar un uso de memoria previamente liberada (y posiblemente la obtenci\u00f3n de privilegios) mediante determinadas operaciones thread creation, map, unmap, invalidation y dereference."
    }
  ],
  "id": "CVE-2018-17182",
  "lastModified": "2024-11-21T03:54:02.213",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-09-19T09:29:00.620",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7a9cdebdcc17e426fb5287e4a82db1dfe86339b2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/105417"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/106503"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1041748"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:3656"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://github.com/torvalds/linux/commit/7a9cdebdcc17e426fb5287e4a82db1dfe86339b2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20190204-0001/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3776-1/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3776-2/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3777-1/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3777-2/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3777-3/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4308"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/45497/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://www.openwall.com/lists/oss-security/2018/09/18/4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7a9cdebdcc17e426fb5287e4a82db1dfe86339b2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/105417"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/106503"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1041748"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:3656"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://github.com/torvalds/linux/commit/7a9cdebdcc17e426fb5287e4a82db1dfe86339b2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20190204-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3776-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3776-2/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3777-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3777-2/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3777-3/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4308"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/45497/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://www.openwall.com/lists/oss-security/2018/09/18/4"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-416"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-05-25 15:15
Modified
2024-11-21 06:41
Summary
An issue was discovered in the Linux Kernel from 4.18 to 4.19, an improper update of sock reference in TCP pacing can lead to memory/netns leak, which can be used by remote clients.
References
security@openanolis.orghttps://anas.openanolis.cn/cves/detail/CVE-2022-1678Third Party Advisory
security@openanolis.orghttps://anas.openanolis.cn/errata/detail/ANSA-2022:0143Third Party Advisory
security@openanolis.orghttps://bugzilla.openanolis.cn/show_bug.cgi?id=61Issue Tracking, Patch, Third Party Advisory
security@openanolis.orghttps://gitee.com/anolis/cloud-kernel/commit/bed537da691bPermissions Required
security@openanolis.orghttps://github.com/torvalds/linux/commit/0a70f118475e037732557796accd0878a00fc25aPatch, Third Party Advisory
security@openanolis.orghttps://lore.kernel.org/all/20200602080425.93712-1-kerneljasonxing%40gmail.com/
security@openanolis.orghttps://security.netapp.com/advisory/ntap-20220715-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://anas.openanolis.cn/cves/detail/CVE-2022-1678Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://anas.openanolis.cn/errata/detail/ANSA-2022:0143Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.openanolis.cn/show_bug.cgi?id=61Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://gitee.com/anolis/cloud-kernel/commit/bed537da691bPermissions Required
af854a3a-2127-422b-91ae-364da2661108https://github.com/torvalds/linux/commit/0a70f118475e037732557796accd0878a00fc25aPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lore.kernel.org/all/20200602080425.93712-1-kerneljasonxing%40gmail.com/
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20220715-0001/Third Party Advisory



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2A2E0DA-9949-495C-AC30-A21F364D71E1",
              "versionEndIncluding": "4.19",
              "versionStartIncluding": "4.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_volumes_ontap_mediator:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "280AA828-6FA9-4260-8EC1-019423B966E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0DA944C-4992-424D-BC82-474585DAC5DF",
              "versionEndIncluding": "11.70.2",
              "versionStartIncluding": "11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8ADFF451-740F-4DBA-BD23-3881945D3E40",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "95BA156C-C977-4F0C-8DFB-3FAE9CC8C02D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "108A2215-50FB-4074-94CF-C130FA14566D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AFC73CE-ABB9-42D3-9A71-3F5BC5381E0E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "32F0B6C0-F930-480D-962B-3F4EFDCC13C7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "803BC414-B250-4E3A-A478-A3881340D6B8",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FEB3337-BFDE-462A-908B-176F92053CEC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "736AEAE9-782B-4F71-9893-DED53367E102",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in the Linux Kernel from 4.18 to 4.19, an improper update of sock reference in TCP pacing can lead to memory/netns leak, which can be used by remote clients."
    },
    {
      "lang": "es",
      "value": "Se ha detectado un problema en el Kernel de Linux de la 4.18 a 4.19, una actualizaci\u00f3n inapropiada de la referencia sock en el paso TCP puede conllevar a una p\u00e9rdida de memoria/netns, que puede ser usada por clientes remotos"
    }
  ],
  "id": "CVE-2022-1678",
  "lastModified": "2024-11-21T06:41:14.133",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "security@openanolis.org",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-05-25T15:15:07.887",
  "references": [
    {
      "source": "security@openanolis.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://anas.openanolis.cn/cves/detail/CVE-2022-1678"
    },
    {
      "source": "security@openanolis.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://anas.openanolis.cn/errata/detail/ANSA-2022:0143"
    },
    {
      "source": "security@openanolis.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=61"
    },
    {
      "source": "security@openanolis.org",
      "tags": [
        "Permissions Required"
      ],
      "url": "https://gitee.com/anolis/cloud-kernel/commit/bed537da691b"
    },
    {
      "source": "security@openanolis.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/torvalds/linux/commit/0a70f118475e037732557796accd0878a00fc25a"
    },
    {
      "source": "security@openanolis.org",
      "url": "https://lore.kernel.org/all/20200602080425.93712-1-kerneljasonxing%40gmail.com/"
    },
    {
      "source": "security@openanolis.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20220715-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://anas.openanolis.cn/cves/detail/CVE-2022-1678"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://anas.openanolis.cn/errata/detail/ANSA-2022:0143"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=61"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required"
      ],
      "url": "https://gitee.com/anolis/cloud-kernel/commit/bed537da691b"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/torvalds/linux/commit/0a70f118475e037732557796accd0878a00fc25a"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lore.kernel.org/all/20200602080425.93712-1-kerneljasonxing%40gmail.com/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20220715-0001/"
    }
  ],
  "sourceIdentifier": "security@openanolis.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-911"
        }
      ],
      "source": "security@openanolis.org",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-08-08 15:29
Modified
2024-11-21 03:05
Severity ?
Summary
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).
References
secalert_us@oracle.comhttp://www.debian.org/security/2017/dsa-3919Third Party Advisory
secalert_us@oracle.comhttp://www.debian.org/security/2017/dsa-3954Third Party Advisory
secalert_us@oracle.comhttp://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlPatch, Vendor Advisory
secalert_us@oracle.comhttp://www.securityfocus.com/bid/99703Broken Link
secalert_us@oracle.comhttp://www.securitytracker.com/id/1038931Broken Link
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:1789Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:1790Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:1791Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:1792Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:2424Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:2469Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:2481Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:2530Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3453Third Party Advisory
secalert_us@oracle.comhttps://security.gentoo.org/glsa/201709-22Third Party Advisory
secalert_us@oracle.comhttps://security.netapp.com/advisory/ntap-20170720-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2017/dsa-3919Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2017/dsa-3954Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/99703Broken Link
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1038931Broken Link
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1789Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1790Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1791Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1792Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2424Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2469Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2481Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2530Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3453Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201709-22Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20170720-0001/Third Party Advisory
Impacted products
Vendor Product Version
oracle jdk 1.6.0
oracle jdk 1.7.0
oracle jdk 1.8.0
oracle jre 1.6.0
oracle jre 1.7.0
oracle jre 1.8.0
debian debian_linux 8.0
debian debian_linux 9.0
redhat satellite 5.8
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_eus 7.4
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_server_tus 7.4
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_workstation 7.0
netapp active_iq_unified_manager *
netapp active_iq_unified_manager *
netapp cloud_backup -
netapp e-series_santricity_os_controller *
netapp e-series_santricity_storage_manager -
netapp element_software -
netapp oncommand_balance -
netapp oncommand_insight -
netapp oncommand_performance_manager -
netapp oncommand_shift -
netapp oncommand_unified_manager *
netapp oncommand_unified_manager *
netapp oncommand_unified_manager -
netapp plug-in_for_symantec_netbackup -
netapp snapmanager -
netapp snapmanager -
netapp steelstore_cloud_integrated_storage -
netapp storage_replication_adapter_for_clustered_data_ontap *
netapp storage_replication_adapter_for_clustered_data_ontap 9.6
netapp vasa_provider_for_clustered_data_ontap *
netapp vasa_provider_for_clustered_data_ontap 6.0
netapp virtual_storage_console *
netapp virtual_storage_console 6.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update151:*:*:*:*:*:*",
              "matchCriteriaId": "A3322D72-6B56-467E-90E5-5DCE0FA1F431",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update141:*:*:*:*:*:*",
              "matchCriteriaId": "C4D0E043-D34F-446D-879B-692E3CF500C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update131:*:*:*:*:*:*",
              "matchCriteriaId": "106E9F69-857A-42F8-A727-2650C896D3B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update151:*:*:*:*:*:*",
              "matchCriteriaId": "673DD72C-4FC8-406A-A24A-B06DD709649C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update141:*:*:*:*:*:*",
              "matchCriteriaId": "363C8E7E-2EEA-4308-A141-854B9EC17AAB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update131:*:*:*:*:*:*",
              "matchCriteriaId": "595FC4B7-418E-457C-ADCC-0A49A676D629",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4F86C3C-B99C-44C6-97D7-163DC3F59687",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5F7E11E-FB34-4467-8919-2B6BEAABF665",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62",
              "versionStartIncluding": "7.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB",
              "versionStartIncluding": "9.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "73F81EC3-4AB0-4CD7-B845-267C5974DE98",
              "versionEndIncluding": "11.70.1",
              "versionStartIncluding": "11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "698C6261-679D-45C1-A396-57AC96AD64D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BD81527-A341-42C3-9AB9-880D3DB04B08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*",
              "matchCriteriaId": "E32A4C2E-3DA6-4BE5-9D95-9F800B01ED9A",
              "versionEndIncluding": "7.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "1A79A7B7-2CE9-4F5E-B76D-01A882C66226",
              "versionEndIncluding": "7.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*",
              "matchCriteriaId": "3FA5E22C-489B-4C5F-A5F3-C03F45CA8811",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*",
              "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
              "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "1E35D95E-CCBF-4335-A4DB-02218BA172DE",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:9.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4022E33-B50C-4B0D-8485-F9091B6E57E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "13270F58-E106-48CE-9933-E68AABBBFC21",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "923F6B82-6A8B-4994-89F6-C430775D5234",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "B7B42CB6-3C14-4183-AFA8-C3682F8B54AB",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:vmware_vsphere:*:*:*",
              "matchCriteriaId": "670A4C5C-8FB1-4B7C-9E05-ACF110E95CCC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en los componentes Java SE y Java SE Embedded de Oracle Java SE (subcomponente: Libraries). Las versiones compatibles que se han visto afectadas son JavaSE: 6u151, 7u141 y 8u131; Java SE Embedded: 8u131. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante sin autenticar que tenga acceso a red por HTTP comprometa la seguridad de Java SE y Java SE Embedded. Para que los ataques tengan \u00e9xito, se necesita la participaci\u00f3n de otra persona diferente del atacante y, aunque la vulnerabilidad est\u00e1 presente en Java SE y Java SE Embedded, los ataques podr\u00edan afectar seriamente a productos adicionales. Los ataques exitosos a esta vulnerabilidad pueden resultar en la toma de control de Java SE y Java SE Embedded. Nota: Esta vulnerabilidad se aplica a implementaciones Java, normalmente en clientes que ejecutan aplicaciones Java Web Start en sandbox o applets Java en sandbox que cargan y ejecutan c\u00f3digo que no es de confianza (por ejemplo, c\u00f3digo proveniente de internet) y que conf\u00edan en la sandbox de Java para protegerse. Esta vulnerabilidad no se aplica a implementaciones Java, normalmente en servidores, que solo cargan y ejecutan c\u00f3digo de confianza (por ejemplo, c\u00f3digo instalado por un administrador). CVSS 3.0 Base Score 9.6 (impactos en la confidencialidad, integridad y disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)."
    }
  ],
  "id": "CVE-2017-10087",
  "lastModified": "2024-11-21T03:05:20.300",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.6,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 6.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-08-08T15:29:02.710",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-3919"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-3954"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/bid/99703"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securitytracker.com/id/1038931"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1789"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1790"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1791"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1792"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2424"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2469"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2481"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2530"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3453"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201709-22"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-3919"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-3954"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/bid/99703"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securitytracker.com/id/1038931"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1789"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1790"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1791"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1792"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2424"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2469"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2481"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2530"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3453"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201709-22"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-10-19 17:29
Modified
2024-11-21 03:05
Summary
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
secalert_us@oracle.comhttp://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlPatch, Vendor Advisory
secalert_us@oracle.comhttp://www.securityfocus.com/bid/101354Broken Link
secalert_us@oracle.comhttp://www.securitytracker.com/id/1039596Broken Link
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:2998Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:2999Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3046Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3047Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3264Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3267Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3268Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3392Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3453Third Party Advisory
secalert_us@oracle.comhttps://lists.debian.org/debian-lts-announce/2017/11/msg00033.htmlMailing List, Third Party Advisory
secalert_us@oracle.comhttps://security.gentoo.org/glsa/201710-31Third Party Advisory
secalert_us@oracle.comhttps://security.gentoo.org/glsa/201711-14Third Party Advisory
secalert_us@oracle.comhttps://security.netapp.com/advisory/ntap-20171019-0001/Third Party Advisory
secalert_us@oracle.comhttps://www.debian.org/security/2017/dsa-4015Third Party Advisory
secalert_us@oracle.comhttps://www.debian.org/security/2017/dsa-4048Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/101354Broken Link
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1039596Broken Link
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2998Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2999Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3046Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3047Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3264Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3267Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3268Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3392Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3453Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2017/11/msg00033.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201710-31Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201711-14Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20171019-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2017/dsa-4015Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2017/dsa-4048Third Party Advisory
Impacted products
Vendor Product Version
oracle jdk 1.6.0
oracle jdk 1.7.0
oracle jdk 1.8.0
oracle jdk 1.9.0
oracle jre 1.6.0
oracle jre 1.7.0
oracle jre 1.8.0
oracle jre 1.9.0
redhat satellite 5.8
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_eus 7.4
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_server_tus 7.4
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_workstation 7.0
netapp active_iq_unified_manager *
netapp active_iq_unified_manager *
netapp cloud_backup -
netapp e-series_santricity_management_plug-ins -
netapp e-series_santricity_os_controller *
netapp e-series_santricity_storage_manager -
netapp e-series_santricity_web_services -
netapp element_software -
netapp oncommand_balance -
netapp oncommand_insight -
netapp oncommand_performance_manager -
netapp oncommand_shift -
netapp oncommand_unified_manager *
netapp oncommand_unified_manager *
netapp oncommand_unified_manager -
netapp oncommand_workflow_automation -
netapp plug-in_for_symantec_netbackup -
netapp snapmanager -
netapp snapmanager -
netapp steelstore_cloud_integrated_storage -
netapp storage_replication_adapter_for_clustered_data_ontap *
netapp storage_replication_adapter_for_clustered_data_ontap *
netapp vasa_provider_for_clustered_data_ontap *
netapp vasa_provider_for_clustered_data_ontap 6.0
netapp virtual_storage_console *
netapp virtual_storage_console 6.0
debian debian_linux 7.0
debian debian_linux 8.0
debian debian_linux 9.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update161:*:*:*:*:*:*",
              "matchCriteriaId": "7037AEF9-403D-43EC-ABBB-B46619241586",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update151:*:*:*:*:*:*",
              "matchCriteriaId": "B781F1F7-DE18-41F7-83C1-8690B0884DDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update144:*:*:*:*:*:*",
              "matchCriteriaId": "6D36F2A6-1329-4D74-BADC-C22D46CF7CFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "270968EC-7662-41E1-BA9B-D259BEC53A1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update161:*:*:*:*:*:*",
              "matchCriteriaId": "D53D6C3C-C8F3-4FF4-AE9C-1BFF14E74EDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update151:*:*:*:*:*:*",
              "matchCriteriaId": "71219100-B476-4062-A40A-13F1B8C7DAED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update144:*:*:*:*:*:*",
              "matchCriteriaId": "FCC055BA-0D21-4D2B-AC9B-B81B8468860C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "66910F84-DDFD-4BA8-BE7F-44EB5E3F9C3D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4F86C3C-B99C-44C6-97D7-163DC3F59687",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5F7E11E-FB34-4467-8919-2B6BEAABF665",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62",
              "versionStartIncluding": "7.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB",
              "versionStartIncluding": "9.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_management_plug-ins:-:*:*:*:*:vmware_vcenter:*:*",
              "matchCriteriaId": "280520BC-070C-4423-A633-E6FE45E53D57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "73F81EC3-4AB0-4CD7-B845-267C5974DE98",
              "versionEndIncluding": "11.70.1",
              "versionStartIncluding": "11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
              "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "698C6261-679D-45C1-A396-57AC96AD64D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BD81527-A341-42C3-9AB9-880D3DB04B08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*",
              "matchCriteriaId": "E32A4C2E-3DA6-4BE5-9D95-9F800B01ED9A",
              "versionEndIncluding": "7.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "1A79A7B7-2CE9-4F5E-B76D-01A882C66226",
              "versionEndIncluding": "7.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*",
              "matchCriteriaId": "3FA5E22C-489B-4C5F-A5F3-C03F45CA8811",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*",
              "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
              "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "6BF60DAD-DAA2-4543-B82E-8E17F7B1DA06",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "1E35D95E-CCBF-4335-A4DB-02218BA172DE",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "13270F58-E106-48CE-9933-E68AABBBFC21",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "923F6B82-6A8B-4994-89F6-C430775D5234",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "B7B42CB6-3C14-4183-AFA8-C3682F8B54AB",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "2AA40F7F-504D-47A9-9778-EC4CE46EB8BF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en los componentes Java SE y Java SE Embedded de Oracle Java SE (subcomponente: Libraries). Las versiones compatibles que se han visto afectadas son Java SE: 6u161, 7u151, 8u144 y 9; Java SE Embedded: 8u144. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante sin autenticar que tenga acceso a red por m\u00faltiples protocolos comprometa la seguridad de Java SE y Java SE Embedded. Los ataques exitosos a esta vulnerabilidad pueden dar lugar a que el atacante consiga provocar una denegaci\u00f3n de servicio parcial (DoS parcial) en Java SE y Java SE Embedded. Nota: Esta vulnerabilidad se aplica a implementaciones Java, normalmente en clientes que ejecutan aplicaciones Java Web Start en sandbox o applets Java en sandbox que cargan y ejecutan c\u00f3digo que no es de confianza (por ejemplo, c\u00f3digo proveniente de internet) y que conf\u00edan en la sandbox Java para protegerse. Esta vulnerabilidad no se aplica a implementaciones Java, normalmente en servidores, que solo cargan y ejecutan c\u00f3digo de confianza (por ejemplo, c\u00f3digo instalado por un administrador). CVSS 3.0 Base Score 5.3 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
    }
  ],
  "id": "CVE-2017-10348",
  "lastModified": "2024-11-21T03:05:58.787",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-10-19T17:29:04.093",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/bid/101354"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securitytracker.com/id/1039596"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2998"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2999"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3046"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3047"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3264"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3267"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3268"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3392"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3453"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201710-31"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201711-14"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20171019-0001/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2017/dsa-4015"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2017/dsa-4048"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/bid/101354"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securitytracker.com/id/1039596"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2998"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2999"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3046"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3047"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3264"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3267"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3268"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3392"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3453"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201710-31"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201711-14"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20171019-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2017/dsa-4015"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2017/dsa-4048"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-10-19 17:29
Modified
2024-11-21 03:05
Severity ?
Summary
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).
References
secalert_us@oracle.comhttp://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlPatch, Vendor Advisory
secalert_us@oracle.comhttp://www.securityfocus.com/bid/101315Broken Link
secalert_us@oracle.comhttp://www.securitytracker.com/id/1039596Broken Link
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:2998Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:2999Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3046Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3047Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3264Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3267Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3268Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3392Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3453Third Party Advisory
secalert_us@oracle.comhttps://lists.debian.org/debian-lts-announce/2017/11/msg00033.htmlMailing List, Third Party Advisory
secalert_us@oracle.comhttps://security.gentoo.org/glsa/201710-31Third Party Advisory
secalert_us@oracle.comhttps://security.gentoo.org/glsa/201711-14Third Party Advisory
secalert_us@oracle.comhttps://security.netapp.com/advisory/ntap-20171019-0001/Third Party Advisory
secalert_us@oracle.comhttps://www.debian.org/security/2017/dsa-4015Third Party Advisory
secalert_us@oracle.comhttps://www.debian.org/security/2017/dsa-4048Third Party Advisory
secalert_us@oracle.comhttps://www.synology.com/support/security/Synology_SA_17_66_OpenJDKThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/101315Broken Link
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1039596Broken Link
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2998Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2999Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3046Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3047Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3264Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3267Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3268Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3392Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3453Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2017/11/msg00033.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201710-31Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201711-14Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20171019-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2017/dsa-4015Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2017/dsa-4048Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.synology.com/support/security/Synology_SA_17_66_OpenJDKThird Party Advisory
Impacted products
Vendor Product Version
oracle jdk 1.6.0
oracle jdk 1.7.0
oracle jdk 1.8.0
oracle jdk 1.9.0
oracle jre 1.6.0
oracle jre 1.7.0
oracle jre 1.8.0
oracle jre 1.9.0
redhat satellite 5.8
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_eus 7.4
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_server_tus 7.4
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_workstation 7.0
netapp active_iq_unified_manager *
netapp active_iq_unified_manager *
netapp cloud_backup -
netapp e-series_santricity_management_plug-ins -
netapp e-series_santricity_os_controller *
netapp e-series_santricity_storage_manager -
netapp e-series_santricity_web_services -
netapp element_software -
netapp oncommand_balance -
netapp oncommand_insight -
netapp oncommand_performance_manager -
netapp oncommand_shift -
netapp oncommand_unified_manager *
netapp oncommand_unified_manager *
netapp oncommand_unified_manager -
netapp oncommand_workflow_automation -
netapp plug-in_for_symantec_netbackup -
netapp snapmanager -
netapp snapmanager -
netapp steelstore_cloud_integrated_storage -
netapp storage_replication_adapter_for_clustered_data_ontap *
netapp storage_replication_adapter_for_clustered_data_ontap *
netapp vasa_provider_for_clustered_data_ontap *
netapp vasa_provider_for_clustered_data_ontap 6.0
netapp virtual_storage_console *
netapp virtual_storage_console 6.0
debian debian_linux 7.0
debian debian_linux 8.0
debian debian_linux 9.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update161:*:*:*:*:*:*",
              "matchCriteriaId": "7037AEF9-403D-43EC-ABBB-B46619241586",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update151:*:*:*:*:*:*",
              "matchCriteriaId": "B781F1F7-DE18-41F7-83C1-8690B0884DDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update144:*:*:*:*:*:*",
              "matchCriteriaId": "6D36F2A6-1329-4D74-BADC-C22D46CF7CFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "270968EC-7662-41E1-BA9B-D259BEC53A1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update161:*:*:*:*:*:*",
              "matchCriteriaId": "D53D6C3C-C8F3-4FF4-AE9C-1BFF14E74EDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update151:*:*:*:*:*:*",
              "matchCriteriaId": "71219100-B476-4062-A40A-13F1B8C7DAED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update144:*:*:*:*:*:*",
              "matchCriteriaId": "FCC055BA-0D21-4D2B-AC9B-B81B8468860C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "66910F84-DDFD-4BA8-BE7F-44EB5E3F9C3D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4F86C3C-B99C-44C6-97D7-163DC3F59687",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5F7E11E-FB34-4467-8919-2B6BEAABF665",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62",
              "versionStartIncluding": "7.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB",
              "versionStartIncluding": "9.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_management_plug-ins:-:*:*:*:*:vmware_vcenter:*:*",
              "matchCriteriaId": "280520BC-070C-4423-A633-E6FE45E53D57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "73F81EC3-4AB0-4CD7-B845-267C5974DE98",
              "versionEndIncluding": "11.70.1",
              "versionStartIncluding": "11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
              "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "698C6261-679D-45C1-A396-57AC96AD64D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BD81527-A341-42C3-9AB9-880D3DB04B08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*",
              "matchCriteriaId": "E32A4C2E-3DA6-4BE5-9D95-9F800B01ED9A",
              "versionEndIncluding": "7.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "1A79A7B7-2CE9-4F5E-B76D-01A882C66226",
              "versionEndIncluding": "7.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*",
              "matchCriteriaId": "3FA5E22C-489B-4C5F-A5F3-C03F45CA8811",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*",
              "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
              "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "6BF60DAD-DAA2-4543-B82E-8E17F7B1DA06",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "1E35D95E-CCBF-4335-A4DB-02218BA172DE",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "13270F58-E106-48CE-9933-E68AABBBFC21",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "923F6B82-6A8B-4994-89F6-C430775D5234",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "B7B42CB6-3C14-4183-AFA8-C3682F8B54AB",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "2AA40F7F-504D-47A9-9778-EC4CE46EB8BF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en los componentes Java SE y Java SE Embedded de Oracle Java SE (subcomponente: Hotspot). Las versiones compatibles que se han visto afectadas son Java SE: 6u161, 7u151, 8u144 y 9; Java SE Embedded: 8u144. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante sin autenticar que tenga acceso a red por m\u00faltiples protocolos comprometa la seguridad de Java SE y Java SE Embedded. Para que los ataques tengan \u00e9xito, se necesita la participaci\u00f3n de otra persona diferente del atacante y, aunque la vulnerabilidad est\u00e1 presente en Java SE y Java SE Embedded, los ataques podr\u00edan afectar seriamente a productos adicionales. Los ataques exitosos a esta vulnerabilidad pueden resultar en la toma de control de Java SE y Java SE Embedded. Nota: Esta vulnerabilidad se aplica a implementaciones Java, normalmente en clientes que ejecutan aplicaciones Java Web Start en sandbox o applets Java en sandbox que cargan y ejecutan c\u00f3digo que no es de confianza (por ejemplo, c\u00f3digo proveniente de internet) y que conf\u00edan en la sandbox Java para protegerse. Esta vulnerabilidad no se aplica a implementaciones Java, normalmente en servidores, que solo cargan y ejecutan c\u00f3digo de confianza (por ejemplo, c\u00f3digo instalado por un administrador). CVSS 3.0 Base Score 9.6 (impactos en la confidencialidad, integridad y disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)."
    }
  ],
  "id": "CVE-2017-10346",
  "lastModified": "2024-11-21T03:05:58.350",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.6,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 6.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-10-19T17:29:04.030",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/bid/101315"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securitytracker.com/id/1039596"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2998"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2999"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3046"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3047"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3264"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3267"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3268"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3392"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3453"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201710-31"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201711-14"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20171019-0001/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2017/dsa-4015"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2017/dsa-4048"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.synology.com/support/security/Synology_SA_17_66_OpenJDK"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/bid/101315"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securitytracker.com/id/1039596"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2998"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2999"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3046"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3047"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3264"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3267"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3268"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3392"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3453"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201710-31"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201711-14"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20171019-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2017/dsa-4015"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2017/dsa-4048"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.synology.com/support/security/Synology_SA_17_66_OpenJDK"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-08-08 15:29
Modified
2024-11-21 03:05
Summary
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
References
secalert_us@oracle.comhttp://www.debian.org/security/2017/dsa-3919Third Party Advisory
secalert_us@oracle.comhttp://www.debian.org/security/2017/dsa-3954Third Party Advisory
secalert_us@oracle.comhttp://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlPatch, Vendor Advisory
secalert_us@oracle.comhttp://www.securityfocus.com/bid/99731Third Party Advisory, VDB Entry
secalert_us@oracle.comhttp://www.securitytracker.com/id/1038931Third Party Advisory, VDB Entry
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:1789Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:1790Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:1791Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:1792Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:2424Third Party Advisory
secalert_us@oracle.comhttps://security.gentoo.org/glsa/201709-22Third Party Advisory
secalert_us@oracle.comhttps://security.netapp.com/advisory/ntap-20170720-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2017/dsa-3919Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2017/dsa-3954Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/99731Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1038931Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1789Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1790Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1791Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1792Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2424Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201709-22Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20170720-0001/Third Party Advisory
Impacted products
Vendor Product Version
oracle jdk 1.6.0
oracle jdk 1.7.0
oracle jdk 1.8.0
oracle jre 1.6.0
oracle jre 1.7.0
oracle jre 1.8.0
debian debian_linux 8.0
debian debian_linux 9.0
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_eus 7.3
redhat enterprise_linux_eus 7.4
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_aus 7.3
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_server_tus 7.3
redhat enterprise_linux_server_tus 7.4
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_workstation 7.0
netapp active_iq_unified_manager *
netapp active_iq_unified_manager *
netapp cloud_backup -
netapp e-series_santricity_os_controller *
netapp e-series_santricity_storage_manager -
netapp element_software -
netapp oncommand_balance -
netapp oncommand_insight -
netapp oncommand_performance_manager -
netapp oncommand_shift -
netapp oncommand_unified_manager *
netapp oncommand_unified_manager *
netapp oncommand_unified_manager -
netapp plug-in_for_symantec_netbackup -
netapp snapmanager -
netapp snapmanager -
netapp steelstore_cloud_integrated_storage -
netapp storage_replication_adapter_for_clustered_data_ontap *
netapp vasa_provider_for_clustered_data_ontap *
netapp vasa_provider_for_clustered_data_ontap 6.0
netapp virtual_storage_console *
netapp virtual_storage_console 6.0
netapp virtual_storage_console 6.2.2



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update151:*:*:*:*:*:*",
              "matchCriteriaId": "A3322D72-6B56-467E-90E5-5DCE0FA1F431",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update141:*:*:*:*:*:*",
              "matchCriteriaId": "C4D0E043-D34F-446D-879B-692E3CF500C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update131:*:*:*:*:*:*",
              "matchCriteriaId": "106E9F69-857A-42F8-A727-2650C896D3B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update151:*:*:*:*:*:*",
              "matchCriteriaId": "673DD72C-4FC8-406A-A24A-B06DD709649C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update141:*:*:*:*:*:*",
              "matchCriteriaId": "363C8E7E-2EEA-4308-A141-854B9EC17AAB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update131:*:*:*:*:*:*",
              "matchCriteriaId": "595FC4B7-418E-457C-ADCC-0A49A676D629",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "807C024A-F8E8-4B48-A349-4C68CD252CA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5F7E11E-FB34-4467-8919-2B6BEAABF665",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62",
              "versionStartIncluding": "7.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB",
              "versionStartIncluding": "9.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "73F81EC3-4AB0-4CD7-B845-267C5974DE98",
              "versionEndIncluding": "11.70.1",
              "versionStartIncluding": "11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "698C6261-679D-45C1-A396-57AC96AD64D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BD81527-A341-42C3-9AB9-880D3DB04B08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*",
              "matchCriteriaId": "E32A4C2E-3DA6-4BE5-9D95-9F800B01ED9A",
              "versionEndIncluding": "7.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "1A79A7B7-2CE9-4F5E-B76D-01A882C66226",
              "versionEndIncluding": "7.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*",
              "matchCriteriaId": "3FA5E22C-489B-4C5F-A5F3-C03F45CA8811",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*",
              "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
              "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "1E35D95E-CCBF-4335-A4DB-02218BA172DE",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "13270F58-E106-48CE-9933-E68AABBBFC21",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "923F6B82-6A8B-4994-89F6-C430775D5234",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vsphere:*:*",
              "matchCriteriaId": "066C2961-E9C4-418E-82AF-1A7C35D5C085",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:*:vsphere:*:*",
              "matchCriteriaId": "C54F036F-C6F9-47B5-AFFA-DD3C1D08DD9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:virtual_storage_console:6.2.2:*:*:*:*:vsphere:*:*",
              "matchCriteriaId": "88B2E009-A457-4C3D-A8CF-84B7F3E8DA90",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en los componentes Java SE y Java SE Embedded de Oracle Java SE (subcomponente: Hotspot). Las versiones compatibles que se han visto afectadas son JavaSE: 6u151, 7u141 y 8u131; Java SE Embedded: 8u131. Una vulnerabilidad dif\u00edcilmente explotable permite que un atacante sin autenticar que tenga acceso a red por m\u00faltiples protocolos comprometa la seguridad de Java SE y Java SE Embedded. Para que los ataques tengan \u00e9xito, se necesita la participaci\u00f3n de otra persona diferente del atacante y, aunque la vulnerabilidad est\u00e1 presente en Java SE y Java SE Embedded, los ataques podr\u00edan afectar seriamente a productos adicionales. Los ataques exitosos a esta vulnerabilidad pueden resultar en la toma de control de Java SE y Java SE Embedded. Nota: Esta vulnerabilidad se aplica a implementaciones Java, normalmente en clientes que ejecutan aplicaciones de Java Web Start en sandbox o applets de Java en sandbox que cargan y ejecutan c\u00f3digo que no es de confianza (por ejemplo, c\u00f3digo proveniente de internet) y que conf\u00edan en la sandbox de Java para protegerse. Esta vulnerabilidad no se aplica a implementaciones Java, normalmente en servidores, que solo cargan y ejecutan c\u00f3digo de confianza (por ejemplo, c\u00f3digo instalado por un administrador). CVSS 3.0 Base Score 8.3 (impactos en la confidencialidad, integridad y disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)."
    }
  ],
  "id": "CVE-2017-10074",
  "lastModified": "2024-11-21T03:05:18.413",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.3,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 6.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-08-08T15:29:02.287",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-3919"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-3954"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/99731"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1038931"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1789"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1790"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1791"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1792"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2424"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201709-22"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-3919"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-3954"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/99731"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1038931"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1789"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1790"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1791"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1792"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2424"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201709-22"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-01-16 20:29
Modified
2024-11-21 03:24
Summary
If named is configured to use Response Policy Zones (RPZ) an error processing some rule types can lead to a condition where BIND will endlessly loop while handling a query. Affects BIND 9.9.10, 9.10.5, 9.11.0->9.11.1, 9.9.10-S1, 9.10.5-S1.
Impacted products
Vendor Product Version
isc bind *
isc bind 9.9.10
isc bind 9.9.10
isc bind 9.10.5
isc bind 9.10.5
netapp data_ontap_edge -
netapp element_software -
netapp oncommand_balance -



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8E6E2D9-E137-498C-B175-1CA268B6E551",
              "versionEndIncluding": "9.11.1",
              "versionStartIncluding": "9.11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.9.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A64173CC-F89B-4276-8E33-525CC89A22A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.9.10:s1:*:*:*:*:*:*",
              "matchCriteriaId": "96715BE6-F6C4-4A9E-85F2-4E53FE740776",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.10.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "30ACDFC4-CD8D-4B89-B6C8-8466174B3D76",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.10.5:s1:*:*:*:*:*:*",
              "matchCriteriaId": "82A6F259-EB06-4F31-9F68-A76F257756DC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0C4B1E5-75BF-43AE-BBAC-0DD4124C71ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "If named is configured to use Response Policy Zones (RPZ) an error processing some rule types can lead to a condition where BIND will endlessly loop while handling a query. Affects BIND 9.9.10, 9.10.5, 9.11.0-\u003e9.11.1, 9.9.10-S1, 9.10.5-S1."
    },
    {
      "lang": "es",
      "value": "Si named est\u00e1 configurado para que emplee RPZ (Response Policy Zones), un error a a hora de procesar algunos tipos de regla puede conducir a una condici\u00f3n en la que BIND entrar\u00e1 en un bucle infinito al manejar una consulta. Afecta a BIND en la versi\u00f3n 9.9.10, 9.10.5, desde la versi\u00f3n 9.11.0 hasta la 9.11.1 y en las versiones  9.9.10-S1 y 9.10.5-S1."
    }
  ],
  "id": "CVE-2017-3140",
  "lastModified": "2024-11-21T03:24:55.003",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 3.7,
          "baseSeverity": "LOW",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.0"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 1.4,
        "source": "security-officer@isc.org",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-01-16T20:29:00.457",
  "references": [
    {
      "source": "security-officer@isc.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/99088"
    },
    {
      "source": "security-officer@isc.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1038692"
    },
    {
      "source": "security-officer@isc.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03772en_us"
    },
    {
      "source": "security-officer@isc.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.isc.org/docs/aa-01495"
    },
    {
      "source": "security-officer@isc.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201708-01"
    },
    {
      "source": "security-officer@isc.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20180926-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/99088"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1038692"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03772en_us"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.isc.org/docs/aa-01495"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201708-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20180926-0001/"
    }
  ],
  "sourceIdentifier": "security-officer@isc.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-400"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-10-19 17:29
Modified
2024-11-21 03:05
Summary
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 8u144 and 9. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L).
References
secalert_us@oracle.comhttp://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlPatch, Vendor Advisory
secalert_us@oracle.comhttp://www.securityfocus.com/bid/101328Broken Link
secalert_us@oracle.comhttp://www.securitytracker.com/id/1039596Broken Link
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:2999Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3264Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3267Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3453Third Party Advisory
secalert_us@oracle.comhttps://security.gentoo.org/glsa/201710-31Third Party Advisory
secalert_us@oracle.comhttps://security.netapp.com/advisory/ntap-20171019-0001/Third Party Advisory
secalert_us@oracle.comhttps://www.exploit-db.com/exploits/43103/Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/101328Broken Link
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1039596Broken Link
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2999Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3264Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3267Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3453Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201710-31Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20171019-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.exploit-db.com/exploits/43103/Exploit, Third Party Advisory, VDB Entry



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update144:*:*:*:*:*:*",
              "matchCriteriaId": "6D36F2A6-1329-4D74-BADC-C22D46CF7CFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "270968EC-7662-41E1-BA9B-D259BEC53A1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update144:*:*:*:*:*:*",
              "matchCriteriaId": "FCC055BA-0D21-4D2B-AC9B-B81B8468860C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "66910F84-DDFD-4BA8-BE7F-44EB5E3F9C3D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4F86C3C-B99C-44C6-97D7-163DC3F59687",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62",
              "versionStartIncluding": "7.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB",
              "versionStartIncluding": "9.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_management_plug-ins:-:*:*:*:*:vmware_vcenter:*:*",
              "matchCriteriaId": "280520BC-070C-4423-A633-E6FE45E53D57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "73F81EC3-4AB0-4CD7-B845-267C5974DE98",
              "versionEndIncluding": "11.70.1",
              "versionStartIncluding": "11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
              "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "698C6261-679D-45C1-A396-57AC96AD64D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BD81527-A341-42C3-9AB9-880D3DB04B08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*",
              "matchCriteriaId": "E32A4C2E-3DA6-4BE5-9D95-9F800B01ED9A",
              "versionEndIncluding": "7.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "1A79A7B7-2CE9-4F5E-B76D-01A882C66226",
              "versionEndIncluding": "7.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*",
              "matchCriteriaId": "3FA5E22C-489B-4C5F-A5F3-C03F45CA8811",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*",
              "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
              "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "6BF60DAD-DAA2-4543-B82E-8E17F7B1DA06",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "1E35D95E-CCBF-4335-A4DB-02218BA172DE",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "13270F58-E106-48CE-9933-E68AABBBFC21",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "923F6B82-6A8B-4994-89F6-C430775D5234",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "B7B42CB6-3C14-4183-AFA8-C3682F8B54AB",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "2AA40F7F-504D-47A9-9778-EC4CE46EB8BF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 8u144 and 9. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en el componente Java SE de Oracle Java SE (subcomponente: Deployment). Las versiones compatibles que se han visto afectadas son Java SE: 8u144 y 9. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante sin autenticar que tenga acceso a red por medio de m\u00faltiples protocolos comprometa la seguridad de Java SE. Para que los ataques tengan \u00e9xito, se necesita la participaci\u00f3n de otra persona diferente del atacante y, aunque la vulnerabilidad est\u00e1 presente en Java SE, los ataques podr\u00edan afectar seriamente a productos adicionales. Los ataques exitosos a esta vulnerabilidad pueden resultar en el acceso no autorizado de actualizaci\u00f3n, inserci\u00f3n o supresi\u00f3n de algunos de los datos accesibles de Java SE, as\u00ed como el acceso de lectura sin autorizaci\u00f3n de un subconjunto de datos accesibles de Java SE y la capacidad no autorizada de provocar una denegaci\u00f3n de servicio parcial (DoS parcial) de Java SE. Nota: Esta vulnerabilidad se aplica a implementaciones Java, normalmente en clientes que ejecutan aplicaciones Java Web Start en sandbox o applets Java en sandbox que cargan y ejecutan c\u00f3digo que no es de confianza (por ejemplo, c\u00f3digo proveniente de internet) y que conf\u00edan en la sandbox de aislado Java para protegerse. Esta vulnerabilidad no se aplica a implementaciones Java, normalmente en servidores, que solo cargan y ejecutan c\u00f3digo de confianza (por ejemplo, c\u00f3digo instalado por un administrador). CVSS 3.0 Base Score 7.1 (impactos en la confidencialidad, integridad y disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)."
    }
  ],
  "id": "CVE-2017-10309",
  "lastModified": "2024-11-21T03:05:52.657",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 7.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-10-19T17:29:02.733",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/bid/101328"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securitytracker.com/id/1039596"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2999"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3264"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3267"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3453"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201710-31"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20171019-0001/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/43103/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/bid/101328"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securitytracker.com/id/1039596"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2999"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3264"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3267"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3453"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201710-31"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20171019-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/43103/"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-08-08 15:29
Modified
2024-11-21 03:05
Severity ?
Summary
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).
References
secalert_us@oracle.comhttp://www.debian.org/security/2017/dsa-3919Third Party Advisory
secalert_us@oracle.comhttp://www.debian.org/security/2017/dsa-3954Third Party Advisory
secalert_us@oracle.comhttp://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlPatch, Vendor Advisory
secalert_us@oracle.comhttp://www.securityfocus.com/bid/99674Broken Link
secalert_us@oracle.comhttp://www.securitytracker.com/id/1038931Broken Link
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:1789Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:1790Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:1791Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:1792Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:2424Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:2469Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:2481Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:2530Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3453Third Party Advisory
secalert_us@oracle.comhttps://security.gentoo.org/glsa/201709-22Third Party Advisory
secalert_us@oracle.comhttps://security.netapp.com/advisory/ntap-20170720-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2017/dsa-3919Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2017/dsa-3954Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/99674Broken Link
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1038931Broken Link
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1789Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1790Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1791Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1792Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2424Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2469Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2481Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2530Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3453Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201709-22Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20170720-0001/Third Party Advisory
Impacted products
Vendor Product Version
oracle jdk 1.6.0
oracle jdk 1.7.0
oracle jdk 1.8.0
oracle jre 1.6.0
oracle jre 1.7.0
oracle jre 1.8.0
debian debian_linux 8.0
debian debian_linux 9.0
redhat satellite 5.8
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_eus 7.3
redhat enterprise_linux_eus 7.4
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_aus 7.3
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_server_tus 7.3
redhat enterprise_linux_server_tus 7.4
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_workstation 7.0
netapp active_iq_unified_manager *
netapp active_iq_unified_manager *
netapp cloud_backup -
netapp e-series_santricity_os_controller *
netapp e-series_santricity_storage_manager -
netapp element_software -
netapp oncommand_balance -
netapp oncommand_insight -
netapp oncommand_performance_manager -
netapp oncommand_shift -
netapp oncommand_unified_manager *
netapp oncommand_unified_manager *
netapp oncommand_unified_manager -
netapp plug-in_for_symantec_netbackup -
netapp snapmanager -
netapp snapmanager -
netapp steelstore_cloud_integrated_storage -
netapp storage_replication_adapter_for_clustered_data_ontap *
netapp vasa_provider_for_clustered_data_ontap *
netapp vasa_provider_for_clustered_data_ontap 6.0
netapp virtual_storage_console *
netapp virtual_storage_console 6.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update151:*:*:*:*:*:*",
              "matchCriteriaId": "A3322D72-6B56-467E-90E5-5DCE0FA1F431",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update141:*:*:*:*:*:*",
              "matchCriteriaId": "C4D0E043-D34F-446D-879B-692E3CF500C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update131:*:*:*:*:*:*",
              "matchCriteriaId": "106E9F69-857A-42F8-A727-2650C896D3B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update151:*:*:*:*:*:*",
              "matchCriteriaId": "673DD72C-4FC8-406A-A24A-B06DD709649C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update141:*:*:*:*:*:*",
              "matchCriteriaId": "363C8E7E-2EEA-4308-A141-854B9EC17AAB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update131:*:*:*:*:*:*",
              "matchCriteriaId": "595FC4B7-418E-457C-ADCC-0A49A676D629",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4F86C3C-B99C-44C6-97D7-163DC3F59687",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "807C024A-F8E8-4B48-A349-4C68CD252CA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5F7E11E-FB34-4467-8919-2B6BEAABF665",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62",
              "versionStartIncluding": "7.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB",
              "versionStartIncluding": "9.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "73F81EC3-4AB0-4CD7-B845-267C5974DE98",
              "versionEndIncluding": "11.70.1",
              "versionStartIncluding": "11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "698C6261-679D-45C1-A396-57AC96AD64D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BD81527-A341-42C3-9AB9-880D3DB04B08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*",
              "matchCriteriaId": "E32A4C2E-3DA6-4BE5-9D95-9F800B01ED9A",
              "versionEndIncluding": "7.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "1A79A7B7-2CE9-4F5E-B76D-01A882C66226",
              "versionEndIncluding": "7.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*",
              "matchCriteriaId": "3FA5E22C-489B-4C5F-A5F3-C03F45CA8811",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*",
              "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
              "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "1E35D95E-CCBF-4335-A4DB-02218BA172DE",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "13270F58-E106-48CE-9933-E68AABBBFC21",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "923F6B82-6A8B-4994-89F6-C430775D5234",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "B7B42CB6-3C14-4183-AFA8-C3682F8B54AB",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "2AA40F7F-504D-47A9-9778-EC4CE46EB8BF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en los componentes Java SE y Java SE Embedded de Oracle Java SE (subcomponente: JAXP). Las versiones compatibles que se han visto afectadas son JavaSE: 6u151, 7u141 y 8u131; Java SE Embedded: 8u131. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante sin autenticar que tenga acceso a red por medio de m\u00faltiples protocolos comprometa la seguridad de Java SE y Java SE Embedded. Para que los ataques tengan \u00e9xito, se necesita la participaci\u00f3n de otra persona diferente del atacante y, aunque la vulnerabilidad est\u00e1 presente en Java SE y Java SE Embedded, los ataques podr\u00edan afectar seriamente a productos adicionales. Los ataques exitosos a esta vulnerabilidad pueden resultar en la toma de control de Java SE y Java SE Embedded. Nota: Esta vulnerabilidad se aplica a implementaciones Java, normalmente en clientes que ejecutan aplicaciones Java Web Start en sandbox o applets Java en sandbox que cargan y ejecutan c\u00f3digo que no es de confianza (por ejemplo, c\u00f3digo proveniente de internet) y que conf\u00edan en la sandbox de Java para protegerse. Esta vulnerabilidad no se aplica a implementaciones Java, normalmente en servidores, que solo cargan y ejecutan c\u00f3digo de confianza (por ejemplo, c\u00f3digo instalado por un administrador). CVSS 3.0 Base Score 9.6 (impactos en la confidencialidad, integridad y disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)."
    }
  ],
  "id": "CVE-2017-10101",
  "lastModified": "2024-11-21T03:05:22.330",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.6,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 6.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-08-08T15:29:03.287",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-3919"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-3954"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/bid/99674"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securitytracker.com/id/1038931"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1789"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1790"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1791"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1792"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2424"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2469"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2481"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2530"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3453"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201709-22"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-3919"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-3954"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/bid/99674"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securitytracker.com/id/1038931"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1789"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1790"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1791"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1792"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2424"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2469"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2481"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2530"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3453"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201709-22"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-07-26 05:15
Modified
2024-11-21 04:02
Summary
An issue was discovered in the Linux kernel before 4.18.7. In create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace.
References
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2019-08/msg00055.htmlThird Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2019-08/msg00056.htmlThird Party Advisory
cve@mitre.orghttps://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.7Mailing List, Release Notes, Vendor Advisory
cve@mitre.orghttps://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0625b4ba1a5d4703c7fb01c497bd6c156908af00Mailing List, Patch, Vendor Advisory
cve@mitre.orghttps://github.com/torvalds/linux/commit/0625b4ba1a5d4703c7fb01c497bd6c156908af00Patch, Third Party Advisory
cve@mitre.orghttps://security.netapp.com/advisory/ntap-20190905-0002/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00055.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00056.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.7Mailing List, Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0625b4ba1a5d4703c7fb01c497bd6c156908af00Mailing List, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/torvalds/linux/commit/0625b4ba1a5d4703c7fb01c497bd6c156908af00Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20190905-0002/Third Party Advisory



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "92C6CD12-AE92-4AFB-91FA-F2A97F5537D8",
              "versionEndExcluding": "4.18.7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_performance_analytics_services:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "83077160-BB98-408B-81F0-8EF9E566BF28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB",
              "versionStartIncluding": "9.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:data_availability_services:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EF46487-B64A-454E-AECC-D74B83170ACD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in the Linux kernel before 4.18.7. In create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un problema en el kernel de Linux anterior a versi\u00f3n 4.18.7. En create_qp_common en archivo drivers/infiniband/hw/mlx5/qp.c, la funci\u00f3n mlx5_ib_create_qp_resp nunca fue inicializada, resultando en una p\u00e9rdida de memoria de pila en el espacio de usuario."
    }
  ],
  "id": "CVE-2018-20855",
  "lastModified": "2024-11-21T04:02:19.263",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 3.3,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-07-26T05:15:10.423",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00055.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00056.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.7"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0625b4ba1a5d4703c7fb01c497bd6c156908af00"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/torvalds/linux/commit/0625b4ba1a5d4703c7fb01c497bd6c156908af00"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20190905-0002/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00055.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00056.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0625b4ba1a5d4703c7fb01c497bd6c156908af00"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/torvalds/linux/commit/0625b4ba1a5d4703c7fb01c497bd6c156908af00"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20190905-0002/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-08-08 15:29
Modified
2024-11-21 03:05
Summary
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N).
References
secalert_us@oracle.comhttp://www.debian.org/security/2017/dsa-3919Third Party Advisory
secalert_us@oracle.comhttp://www.debian.org/security/2017/dsa-3954Third Party Advisory
secalert_us@oracle.comhttp://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlPatch, Vendor Advisory
secalert_us@oracle.comhttp://www.securityfocus.com/bid/99854Broken Link
secalert_us@oracle.comhttp://www.securitytracker.com/id/1038931Broken Link
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:1789Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:1790Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:1791Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:1792Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3392Third Party Advisory
secalert_us@oracle.comhttps://security.gentoo.org/glsa/201709-22Third Party Advisory
secalert_us@oracle.comhttps://security.netapp.com/advisory/ntap-20170720-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2017/dsa-3919Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2017/dsa-3954Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/99854Broken Link
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1038931Broken Link
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1789Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1790Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1791Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1792Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3392Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201709-22Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20170720-0001/Third Party Advisory
Impacted products
Vendor Product Version
oracle jdk 1.6.0
oracle jdk 1.7.0
oracle jdk 1.8.0
oracle jre 1.6.0
oracle jre 1.7.0
oracle jre 1.8.0
debian debian_linux 8.0
debian debian_linux 9.0
netapp active_iq_unified_manager *
netapp active_iq_unified_manager *
netapp cloud_backup -
netapp e-series_santricity_os_controller *
netapp e-series_santricity_storage_manager -
netapp element_software -
netapp oncommand_balance -
netapp oncommand_insight -
netapp oncommand_performance_manager -
netapp oncommand_shift -
netapp oncommand_unified_manager *
netapp oncommand_unified_manager *
netapp oncommand_unified_manager -
netapp plug-in_for_symantec_netbackup -
netapp snapmanager -
netapp snapmanager -
netapp steelstore_cloud_integrated_storage -
netapp storage_replication_adapter_for_clustered_data_ontap *
netapp storage_replication_adapter_for_clustered_data_ontap 9.6
netapp vasa_provider_for_clustered_data_ontap *
netapp vasa_provider_for_clustered_data_ontap 6.0
netapp virtual_storage_console *
netapp virtual_storage_console 6.0
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_eus 7.3
redhat enterprise_linux_eus 7.4
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_aus 7.3
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_server_tus 7.3
redhat enterprise_linux_server_tus 7.4
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_workstation 7.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update151:*:*:*:*:*:*",
              "matchCriteriaId": "A3322D72-6B56-467E-90E5-5DCE0FA1F431",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update141:*:*:*:*:*:*",
              "matchCriteriaId": "C4D0E043-D34F-446D-879B-692E3CF500C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update131:*:*:*:*:*:*",
              "matchCriteriaId": "106E9F69-857A-42F8-A727-2650C896D3B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update151:*:*:*:*:*:*",
              "matchCriteriaId": "673DD72C-4FC8-406A-A24A-B06DD709649C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update141:*:*:*:*:*:*",
              "matchCriteriaId": "363C8E7E-2EEA-4308-A141-854B9EC17AAB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update131:*:*:*:*:*:*",
              "matchCriteriaId": "595FC4B7-418E-457C-ADCC-0A49A676D629",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62",
              "versionStartIncluding": "7.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB",
              "versionStartIncluding": "9.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "73F81EC3-4AB0-4CD7-B845-267C5974DE98",
              "versionEndIncluding": "11.70.1",
              "versionStartIncluding": "11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "698C6261-679D-45C1-A396-57AC96AD64D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BD81527-A341-42C3-9AB9-880D3DB04B08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*",
              "matchCriteriaId": "E32A4C2E-3DA6-4BE5-9D95-9F800B01ED9A",
              "versionEndIncluding": "7.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "1A79A7B7-2CE9-4F5E-B76D-01A882C66226",
              "versionEndIncluding": "7.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*",
              "matchCriteriaId": "3FA5E22C-489B-4C5F-A5F3-C03F45CA8811",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*",
              "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
              "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "1E35D95E-CCBF-4335-A4DB-02218BA172DE",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:9.6:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "B92F025C-D612-4A64-B138-E6B4B113B504",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "13270F58-E106-48CE-9933-E68AABBBFC21",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "923F6B82-6A8B-4994-89F6-C430775D5234",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "B7B42CB6-3C14-4183-AFA8-C3682F8B54AB",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "2AA40F7F-504D-47A9-9778-EC4CE46EB8BF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "807C024A-F8E8-4B48-A349-4C68CD252CA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5F7E11E-FB34-4467-8919-2B6BEAABF665",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en los componentes Java SE y Java SE Embedded de Oracle Java SE (subcomponente: Security). Las versiones compatibles que se han visto afectadas son Java SE: 6u151, 7u141 y 8u131; Java SE Embedded: 8u131. Una vulnerabilidad dif\u00edcilmente explotable permite que un atacante sin autenticar que tenga acceso a red por medio de m\u00faltiples protocolos comprometa la seguridad de Java SE y Java SE Embedded. Para que los ataques tengan \u00e9xito, se necesita la participaci\u00f3n de otra persona diferente del atacante. Los ataques exitosos a esta vulnerabilidad pueden resultar en un acceso de lectura sin autorizaci\u00f3n a un subconjunto de datos accesibles de Java SE y Java SE Embedded. Nota: Esta vulnerabilidad se aplica a implementaciones Java, normalmente en clientes que ejecutan aplicaciones Java Web Start en sandbox o applets Java en sandbox que cargan y ejecutan c\u00f3digo que no es de confianza (por ejemplo, c\u00f3digo proveniente de internet) y que conf\u00edan en la sandbox de aislado Java para protegerse. Esta vulnerabilidad no se aplica a implementaciones Java, normalmente en servidores, que solo cargan y ejecutan c\u00f3digo de confianza (por ejemplo, c\u00f3digo instalado por un administrador). CVSS 3.0 Base Score 3.1 (impactos en la confidencialidad). Vector CVSS: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)."
    }
  ],
  "id": "CVE-2017-10193",
  "lastModified": "2024-11-21T03:05:36.183",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 3.1,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-08-08T15:29:05.740",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-3919"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-3954"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/bid/99854"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securitytracker.com/id/1038931"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1789"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1790"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1791"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1792"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3392"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201709-22"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-3919"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-3954"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/bid/99854"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securitytracker.com/id/1038931"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1789"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1790"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1791"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1792"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3392"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201709-22"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-08-08 20:15
Modified
2024-11-21 06:16
Summary
fs/nfs/nfs4client.c in the Linux kernel before 5.13.4 has incorrect connection-setup ordering, which allows operators of remote NFSv4 servers to cause a denial of service (hanging of mounts) by arranging for those servers to be unreachable during trunking detection.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C85356F-2C6C-4FB9-B0CA-949711182223",
              "versionEndExcluding": "5.13.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:hci_bootstrap_os:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C767AA1-88B7-48F0-9F31-A89D16DCD52C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "02DEB4FB-A21D-4CB1-B522-EEE5093E8521",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "fs/nfs/nfs4client.c in the Linux kernel before 5.13.4 has incorrect connection-setup ordering, which allows operators of remote NFSv4 servers to cause a denial of service (hanging of mounts) by arranging for those servers to be unreachable during trunking detection."
    },
    {
      "lang": "es",
      "value": "El archivo fs/nfs/nfs4client.c en el kernel de Linux versiones anteriores a 5.13.4, presenta un ordenamiento incorrecto de la configuraci\u00f3n de la conexi\u00f3n, que permite a operadores de servidores NFSv4 remotos causar una denegaci\u00f3n de servicio (cuelgue de montajes) al disponer de que esos servidores sean inalcanzables durante la detecci\u00f3n de trunking"
    }
  ],
  "id": "CVE-2021-38199",
  "lastModified": "2024-11-21T06:16:38.240",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 3.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.5,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-08-08T20:15:07.073",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/torvalds/linux/commit/dd99e9f98fbf423ff6d365b37a98e8879170f17c"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20210902-0010/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2021/dsa-4978"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/torvalds/linux/commit/dd99e9f98fbf423ff6d365b37a98e8879170f17c"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20210902-0010/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2021/dsa-4978"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-09-21 16:29
Modified
2024-11-21 03:53
Summary
An issue was discovered in the Linux kernel before 4.8. Incorrect access checking in overlayfs mounts could be used by local attackers to modify or truncate files in the underlying filesystem.
References
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2018-10/msg00033.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
cve@mitre.orghttp://www.securityfocus.com/bid/105394Third Party Advisory, VDB Entry
cve@mitre.orghttps://bugzilla.suse.com/show_bug.cgi?id=1106512Issue Tracking, Patch, Third Party Advisory
cve@mitre.orghttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c0ca3d70e8d3cf81e2255a217f7ca402f5ed0862Patch, Third Party Advisory
cve@mitre.orghttps://seclists.org/bugtraq/2019/Jul/33
cve@mitre.orghttps://security.netapp.com/advisory/ntap-20190204-0001/Patch, Third Party Advisory
cve@mitre.orghttps://support.f5.com/csp/article/K22691834Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00033.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/105394Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.suse.com/show_bug.cgi?id=1106512Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c0ca3d70e8d3cf81e2255a217f7ca402f5ed0862Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://seclists.org/bugtraq/2019/Jul/33
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20190204-0001/Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.f5.com/csp/article/K22691834Third Party Advisory



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "28EB12EC-3BC4-4DCC-9A6A-5F810F17E8FE",
              "versionEndExcluding": "4.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_performance_analytics_services:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "83077160-BB98-408B-81F0-8EF9E566BF28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in the Linux kernel before 4.8. Incorrect access checking in overlayfs mounts could be used by local attackers to modify or truncate files in the underlying filesystem."
    },
    {
      "lang": "es",
      "value": "Se ha descubierto un problema en el kernel de Linux en versiones anteriores a la 4.8. La comprobaci\u00f3n de acceso incorrecta de montajes de overlayfs podr\u00eda ser empleada por los atacantes locales para modificar o truncar archivos en el sistema de archivos subyacente"
    }
  ],
  "id": "CVE-2018-16597",
  "lastModified": "2024-11-21T03:53:01.613",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.9,
          "confidentialityImpact": "NONE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:C/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-09-21T16:29:01.343",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00033.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/105394"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.suse.com/show_bug.cgi?id=1106512"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c0ca3d70e8d3cf81e2255a217f7ca402f5ed0862"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://seclists.org/bugtraq/2019/Jul/33"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20190204-0001/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.f5.com/csp/article/K22691834"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00033.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/105394"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.suse.com/show_bug.cgi?id=1106512"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c0ca3d70e8d3cf81e2255a217f7ca402f5ed0862"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://seclists.org/bugtraq/2019/Jul/33"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20190204-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.f5.com/csp/article/K22691834"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-863"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-01-31 18:29
Modified
2024-11-21 04:45
Summary
An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This affects refresh_progress_meter() in progressmeter.c.
References
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2019-06/msg00058.htmlBroken Link
cve@mitre.orghttps://access.redhat.com/errata/RHSA-2019:3702Third Party Advisory
cve@mitre.orghttps://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdfPatch, Third Party Advisory
cve@mitre.orghttps://cvsweb.openbsd.org/src/usr.bin/ssh/progressmeter.cRelease Notes, Vendor Advisory
cve@mitre.orghttps://cvsweb.openbsd.org/src/usr.bin/ssh/scp.cRelease Notes, Vendor Advisory
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2019/03/msg00030.htmlMailing List, Third Party Advisory
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W3YVQ2BPTOVDCFDVNC2GGF5P5ISFG37G/
cve@mitre.orghttps://security.gentoo.org/glsa/201903-16Third Party Advisory
cve@mitre.orghttps://security.netapp.com/advisory/ntap-20190213-0001/Third Party Advisory
cve@mitre.orghttps://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txtThird Party Advisory
cve@mitre.orghttps://usn.ubuntu.com/3885-1/Third Party Advisory
cve@mitre.orghttps://www.debian.org/security/2019/dsa-4387Third Party Advisory
cve@mitre.orghttps://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00058.htmlBroken Link
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2019:3702Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdfPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://cvsweb.openbsd.org/src/usr.bin/ssh/progressmeter.cRelease Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.cRelease Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2019/03/msg00030.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W3YVQ2BPTOVDCFDVNC2GGF5P5ISFG37G/
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201903-16Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20190213-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txtThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3885-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2019/dsa-4387Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.htmlPatch, Third Party Advisory



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "52D09A55-B853-43B5-8397-E2AC6CD0EBBC",
              "versionEndIncluding": "7.9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:winscp:winscp:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D0A98E2-B715-4EF5-9CF8-07500E119271",
              "versionEndIncluding": "5.13",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:ontap_select_deploy:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E968916-8CE0-4165-851F-14E37ECEA948",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B7A6697-98CC-4E36-93DB-B7160F8399F9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
              "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "92BC9265-6959-4D37-BE5E-8C45E98992F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "831F0F47-3565-4763-B16F-C87B1FF2035E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E3F09B5-569F-4C58-9FCA-3C0953D107B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C3741B8-851F-475D-B428-523F4F722350",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6897676D-53F9-45B3-B27F-7FF9A4C58D33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E28F226A-CBC7-4A32-BE58-398FA5B42481",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "76C24D94-834A-4E9D-8F73-624AFA99AAA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B09ACF2D-D83F-4A86-8185-9569605D8EE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC10D919-57FD-4725-B8D2-39ECB476902F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1272DF03-7674-4BD4-8E64-94004B195448",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:scalance_x204rna_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D3A0312-1249-4257-98F1-57E8959989C5",
              "versionEndExcluding": "3.2.7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:scalance_x204rna:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA8B483F-0FD2-49F8-A86A-672A6E007949",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:scalance_x204rna_eec_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC0C9671-47BB-43CB-8906-9BC2B86B3229",
              "versionEndExcluding": "3.2.7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:scalance_x204rna_eec:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C834C295-D600-44E8-9783-49A319084F5A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "271CACEB-10F5-4CA8-9C99-3274F18EE62D",
              "versionEndExcluding": "xcp2361",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:fujitsu:m10-1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "983D27DE-BC89-454E-AE47-95A26A3651E2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "433EEE1B-134C-48F9-8688-23C5F1ABBF0F",
              "versionEndExcluding": "xcp2361",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:fujitsu:m10-4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5825AEE1-B668-40BD-86A9-2799430C742C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "47FFEE5C-5DAE-4FAD-9651-7983DE092120",
              "versionEndExcluding": "xcp2361",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DA2D526-BDCF-4A65-914A-B3BA3A0CD613",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FD8BD3B-C35B-4C44-B5A1-FA4646ACB374",
              "versionEndExcluding": "xcp2361",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:fujitsu:m12-1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE0CF40B-E5BD-4558-9321-184D58EF621D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "66D6EF49-7094-41D9-BDF5-AE5846E37418",
              "versionEndExcluding": "xcp2361",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:fujitsu:m12-2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F3C9C09-7B2B-4DB6-8BE0-35302ED35776",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6593DA00-EE33-4223-BEAE-8DC629E79287",
              "versionEndExcluding": "xcp2361",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:fujitsu:m12-2s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "95503CE5-1D06-4092-A60D-D310AADCAFB1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "67E048EC-4A4F-4F0A-B0B5-F234700293DA",
              "versionEndExcluding": "xcp3070",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:fujitsu:m10-1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "983D27DE-BC89-454E-AE47-95A26A3651E2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF6FAFAE-EBA5-43D2-9CA8-ECF3DD3B285E",
              "versionEndExcluding": "xcp3070",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:fujitsu:m10-4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5825AEE1-B668-40BD-86A9-2799430C742C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "665502CB-FCC8-4619-B673-408F7190252A",
              "versionEndExcluding": "xcp3070",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DA2D526-BDCF-4A65-914A-B3BA3A0CD613",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "483F5457-7E06-46F3-A808-194289B98AFF",
              "versionEndExcluding": "xcp3070",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:fujitsu:m12-1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE0CF40B-E5BD-4558-9321-184D58EF621D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5644E3E-941A-429A-9AFB-C1023659C1C2",
              "versionEndExcluding": "xcp3070",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:fujitsu:m12-2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F3C9C09-7B2B-4DB6-8BE0-35302ED35776",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C1318DD-6AF4-490D-A4AE-079BA544EF8F",
              "versionEndExcluding": "xcp3070",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:fujitsu:m12-2s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "95503CE5-1D06-4092-A60D-D310AADCAFB1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This affects refresh_progress_meter() in progressmeter.c."
    },
    {
      "lang": "es",
      "value": "Se ha descubierto un problema en OpenSSH 7.9. Debido a la falta de cifrado de caracteres en la pantalla de progreso, un servidor malicioso (o atacante Man-in-the-Middle) puede emplear nombres de objeto manipulados para manipular la salida del cliente, por ejemplo, empleando c\u00f3digos de control de ANSI para ocultar los archivos adicionales que se est\u00e1n transfiriendo. Esto afecta a refresh_progress_meter() en progressmeter.c."
    }
  ],
  "id": "CVE-2019-6109",
  "lastModified": "2024-11-21T04:45:57.517",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-01-31T18:29:00.710",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00058.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:3702"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://cvsweb.openbsd.org/src/usr.bin/ssh/progressmeter.c"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W3YVQ2BPTOVDCFDVNC2GGF5P5ISFG37G/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201903-16"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20190213-0001/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3885-1/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2019/dsa-4387"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00058.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:3702"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://cvsweb.openbsd.org/src/usr.bin/ssh/progressmeter.c"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W3YVQ2BPTOVDCFDVNC2GGF5P5ISFG37G/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201903-16"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20190213-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3885-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2019/dsa-4387"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-116"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-01-16 20:29
Modified
2024-11-21 03:24
Summary
A query with a specific set of characteristics could cause a server using DNS64 to encounter an assertion failure and terminate. An attacker could deliberately construct a query, enabling denial-of-service against a server if it was configured to use the DNS64 feature and other preconditions were met. Affects BIND 9.8.0 -> 9.8.8-P1, 9.9.0 -> 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.0 -> 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0 -> 9.11.0-P3, 9.11.1b1->9.11.1rc1, 9.9.3-S1 -> 9.9.9-S8.
References
security-officer@isc.orghttp://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html
security-officer@isc.orghttp://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html
security-officer@isc.orghttp://www.securityfocus.com/bid/97653Third Party Advisory, VDB Entry
security-officer@isc.orghttp://www.securitytracker.com/id/1038259Third Party Advisory, VDB Entry
security-officer@isc.orghttps://access.redhat.com/errata/RHSA-2017:1095Third Party Advisory
security-officer@isc.orghttps://access.redhat.com/errata/RHSA-2017:1105Third Party Advisory
security-officer@isc.orghttps://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03747en_usThird Party Advisory
security-officer@isc.orghttps://kb.isc.org/docs/aa-01465Vendor Advisory
security-officer@isc.orghttps://security.gentoo.org/glsa/201708-01Third Party Advisory
security-officer@isc.orghttps://security.netapp.com/advisory/ntap-20180802-0002/Third Party Advisory
security-officer@isc.orghttps://www.debian.org/security/2017/dsa-3854Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/97653Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1038259Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1095Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1105Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03747en_usThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://kb.isc.org/docs/aa-01465Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201708-01Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20180802-0002/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2017/dsa-3854Third Party Advisory



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BCD9327-F097-49B8-BEFF-07785EE8BB6D",
              "versionEndIncluding": "9.8.8",
              "versionStartIncluding": "9.8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4418EDD7-AC58-48A3-BE65-273C0E8222E3",
              "versionEndIncluding": "9.9.9",
              "versionStartIncluding": "9.9.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1DE78F6-B88E-44A7-BECD-B78B7E9052C1",
              "versionEndIncluding": "9.10.4",
              "versionStartIncluding": "9.10.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.8.0:p1:*:*:*:*:*:*",
              "matchCriteriaId": "25855A5C-302F-4A82-AEC1-8C4C9CB70362",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.9.0:p1:*:*:*:*:*:*",
              "matchCriteriaId": "86C1A668-D648-4E72-876B-E72D341003D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.9.0:p2:*:*:*:*:*:*",
              "matchCriteriaId": "0CFD0CE9-FE4D-4FB3-9486-36FA1A4FADF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.9.0:p3:*:*:*:*:*:*",
              "matchCriteriaId": "E134536A-0F48-4F54-8399-5EF4C09BFF85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.9.0:p4:*:*:*:*:*:*",
              "matchCriteriaId": "63C9ED44-1207-4BE6-B5BB-56D198DC0C19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.9.0:p5:*:*:*:*:*:*",
              "matchCriteriaId": "561BF14D-8D6A-4DDB-82BB-6B8EBF34C326",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.9.0:p6:*:*:*:*:*:*",
              "matchCriteriaId": "931DBFCE-F071-490F-867F-52A150DBD245",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A7BE793-7717-4019-8F50-158C309E48B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.9.3:s1:*:*:*:*:*:*",
              "matchCriteriaId": "FCC182A9-5989-4A87-A3BA-F1CFAEDC95E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.9.10:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "9C8F0163-FF32-44E0-B05C-F89263CD56A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.9.10:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "94C0C9FC-5CCF-4AD7-8D83-7B579102F7E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.10.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "BB2D2132-62E8-4E73-A0BF-4790DAFC5558",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.10.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "E253BD9F-25B8-42E7-BEAB-E843381ED155",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.10.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "6B5E42E5-27C6-4D6F-B7DC-903B10BF2017",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.10.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "7E211374-A4F5-41D4-A89E-E6522E9D0DFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.10.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "21CC7BA7-6D75-4561-ACF3-F1F61A0CBA62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.10.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "70586A2A-AA52-48F5-B2B0-390CA77807E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.10.5:b1:*:*:*:*:*:*",
              "matchCriteriaId": "8C5A0370-9490-40CC-84E8-EEE95A6F233B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.10.5:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "CEC78396-4667-4A45-8DBD-0D0C2AAE1549",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3160C5ED-75EA-47B2-998E-EDFC46B37DDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.11.0:p1:*:*:*:*:*:*",
              "matchCriteriaId": "086C327B-DF9F-4D4E-A538-1E29FEDC34C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.11.0:p2:*:*:*:*:*:*",
              "matchCriteriaId": "1440B408-76B6-4FA7-899D-E28049A37704",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.11.0:p3:*:*:*:*:*:*",
              "matchCriteriaId": "4D50373F-C1C4-4EC9-B94F-854C3444717D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.11.1:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "CE6ED392-74B9-487E-83B0-ECAAEEAB3AB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.11.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "EEA791E2-27E0-49C5-9823-0C57647C788F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8442C20-41F9-47FD-9A12-E724D3A31FD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF77CDCF-B9C9-427D-B2BF-36650FB2148C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0C4B1E5-75BF-43AE-BBAC-0DD4124C71ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A query with a specific set of characteristics could cause a server using DNS64 to encounter an assertion failure and terminate. An attacker could deliberately construct a query, enabling denial-of-service against a server if it was configured to use the DNS64 feature and other preconditions were met. Affects BIND 9.8.0 -\u003e 9.8.8-P1, 9.9.0 -\u003e 9.9.9-P6, 9.9.10b1-\u003e9.9.10rc1, 9.10.0 -\u003e 9.10.4-P6, 9.10.5b1-\u003e9.10.5rc1, 9.11.0 -\u003e 9.11.0-P3, 9.11.1b1-\u003e9.11.1rc1, 9.9.3-S1 -\u003e 9.9.9-S8."
    },
    {
      "lang": "es",
      "value": "Una consulta con un conjunto determinado de caracter\u00edsticas podr\u00eda provocar que un servidor que emplea DNS64 se encuentre con un fallo de aserci\u00f3n y termine. Un atacante podr\u00eda construir deliberadamente una consulta, habilitando una denegaci\u00f3n de servicio (DoS) contra un servidor si est\u00e1 configurado para emplear la caracter\u00edstica DNS64 y se cumplen otras precondiciones. Afecta a BIND desde la versi\u00f3n 9.8.0 hasta la9.8.8-P1, desde la versi\u00f3n 9.9.0 hasta la 9.9.9-P6, desde la versi\u00f3n 9.9.10b1 hasta la 9.9.10rc1, desde la versi\u00f3n 9.10.0 hasta la 9.10.4-P6, desde la versi\u00f3n 9.10.5b1 hasta la 9.10.5rc1, desde la versi\u00f3n 9.11.0 hasta la 9.11.0-P3, desde la versi\u00f3n 9.11.1b1 hasta la 9.11.1rc1 y desde la versi\u00f3n 9.9.3-S1 hasta 9.9.9-S8."
    }
  ],
  "id": "CVE-2017-3136",
  "lastModified": "2024-11-21T03:24:54.430",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "security-officer@isc.org",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-01-16T20:29:00.313",
  "references": [
    {
      "source": "security-officer@isc.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html"
    },
    {
      "source": "security-officer@isc.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html"
    },
    {
      "source": "security-officer@isc.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/97653"
    },
    {
      "source": "security-officer@isc.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1038259"
    },
    {
      "source": "security-officer@isc.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1095"
    },
    {
      "source": "security-officer@isc.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1105"
    },
    {
      "source": "security-officer@isc.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03747en_us"
    },
    {
      "source": "security-officer@isc.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.isc.org/docs/aa-01465"
    },
    {
      "source": "security-officer@isc.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201708-01"
    },
    {
      "source": "security-officer@isc.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20180802-0002/"
    },
    {
      "source": "security-officer@isc.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2017/dsa-3854"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/97653"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1038259"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1095"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1105"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03747en_us"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.isc.org/docs/aa-01465"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201708-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20180802-0002/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2017/dsa-3854"
    }
  ],
  "sourceIdentifier": "security-officer@isc.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-617"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-08-08 15:29
Modified
2024-11-21 03:05
Severity ?
Summary
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). The supported version that is affected is Java SE: 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).
References
secalert_us@oracle.comhttp://www.debian.org/security/2017/dsa-3919Third Party Advisory
secalert_us@oracle.comhttp://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlPatch, Vendor Advisory
secalert_us@oracle.comhttp://www.securityfocus.com/bid/99707Broken Link
secalert_us@oracle.comhttp://www.securitytracker.com/id/1038931Broken Link
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:1789Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:1790Third Party Advisory
secalert_us@oracle.comhttps://security.gentoo.org/glsa/201709-22Third Party Advisory
secalert_us@oracle.comhttps://security.netapp.com/advisory/ntap-20170720-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2017/dsa-3919Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/99707Broken Link
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1038931Broken Link
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1789Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1790Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201709-22Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20170720-0001/Third Party Advisory
Impacted products
Vendor Product Version
oracle jdk 1.8.0
oracle jre 1.8.0
debian debian_linux 9.0
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_eus 7.3
redhat enterprise_linux_eus 7.4
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_aus 7.3
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_server_tus 7.3
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_workstation 7.0
netapp active_iq_unified_manager *
netapp active_iq_unified_manager *
netapp cloud_backup -
netapp e-series_santricity_os_controller *
netapp e-series_santricity_storage_manager -
netapp element_software -
netapp oncommand_balance -
netapp oncommand_insight -
netapp oncommand_performance_manager -
netapp oncommand_shift -
netapp oncommand_unified_manager *
netapp oncommand_unified_manager *
netapp oncommand_unified_manager -
netapp plug-in_for_symantec_netbackup -
netapp snapmanager -
netapp snapmanager -
netapp steelstore_cloud_integrated_storage -
netapp storage_replication_adapter_for_clustered_data_ontap *
netapp storage_replication_adapter_for_clustered_data_ontap 9.6
netapp vasa_provider_for_clustered_data_ontap *
netapp vasa_provider_for_clustered_data_ontap 6.0
netapp virtual_storage_console *
netapp virtual_storage_console 6.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update131:*:*:*:*:*:*",
              "matchCriteriaId": "106E9F69-857A-42F8-A727-2650C896D3B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update131:*:*:*:*:*:*",
              "matchCriteriaId": "595FC4B7-418E-457C-ADCC-0A49A676D629",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "807C024A-F8E8-4B48-A349-4C68CD252CA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62",
              "versionStartIncluding": "7.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB",
              "versionStartIncluding": "9.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "73F81EC3-4AB0-4CD7-B845-267C5974DE98",
              "versionEndIncluding": "11.70.1",
              "versionStartIncluding": "11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "698C6261-679D-45C1-A396-57AC96AD64D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BD81527-A341-42C3-9AB9-880D3DB04B08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*",
              "matchCriteriaId": "E32A4C2E-3DA6-4BE5-9D95-9F800B01ED9A",
              "versionEndIncluding": "7.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "1A79A7B7-2CE9-4F5E-B76D-01A882C66226",
              "versionEndIncluding": "7.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*",
              "matchCriteriaId": "3FA5E22C-489B-4C5F-A5F3-C03F45CA8811",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*",
              "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
              "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "1E35D95E-CCBF-4335-A4DB-02218BA172DE",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:9.6:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "B92F025C-D612-4A64-B138-E6B4B113B504",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "13270F58-E106-48CE-9933-E68AABBBFC21",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "923F6B82-6A8B-4994-89F6-C430775D5234",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "B7B42CB6-3C14-4183-AFA8-C3682F8B54AB",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "2AA40F7F-504D-47A9-9778-EC4CE46EB8BF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). The supported version that is affected is Java SE: 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en los componentes Java SE y Java SE Embedded de Oracle Java SE (subcomponente: Libraries). La versi\u00f3n compatible afectada es Java SE: 8u131; Java SE Embedded: 8u131. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante sin autenticar que tenga acceso a red por medio de m\u00faltiples protocolos comprometa la seguridad de Java SE y Java SE Embedded. Para que los ataques tengan \u00e9xito, se necesita la participaci\u00f3n de otra persona diferente del atacante y, aunque la vulnerabilidad est\u00e1 presente en Java SE y Java SE Embedded, los ataques podr\u00edan afectar seriamente a productos adicionales. Los ataques exitosos a esta vulnerabilidad pueden resultar en la toma de control de Java SE y Java SE Embedded. Nota: Esta vulnerabilidad se aplica a implementaciones Java, normalmente en clientes que ejecutan aplicaciones Java Web Start en sandbox o applets Java en sandbox que cargan y ejecutan c\u00f3digo que no es de confianza (por ejemplo, c\u00f3digo proveniente de internet) y que conf\u00edan en la sandbox de Java para protegerse. Esta vulnerabilidad no se aplica a implementaciones Java, normalmente en servidores, que solo cargan y ejecutan c\u00f3digo de confianza (por ejemplo, c\u00f3digo instalado por un administrador). CVSS 3.0 Base Score 9.6 (impactos en la confidencialidad, integridad y disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)."
    }
  ],
  "id": "CVE-2017-10111",
  "lastModified": "2024-11-21T03:05:24.160",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.6,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 6.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-08-08T15:29:03.647",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-3919"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/bid/99707"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securitytracker.com/id/1038931"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1789"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1790"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201709-22"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-3919"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/bid/99707"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securitytracker.com/id/1038931"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1789"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1790"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201709-22"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-01-16 20:29
Modified
2024-11-21 03:24
Summary
Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could lead to a situation in which named would exit with an assertion failure when processing a response in which records occurred in an unusual order. Affects BIND 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0-P3, 9.11.1b1->9.11.1rc1, and 9.9.9-S8.
References
security-officer@isc.orghttp://www.securityfocus.com/bid/97651Third Party Advisory, VDB Entry
security-officer@isc.orghttp://www.securitytracker.com/id/1038258Third Party Advisory, VDB Entry
security-officer@isc.orghttp://www.securitytracker.com/id/1040195Third Party Advisory, VDB Entry
security-officer@isc.orghttps://access.redhat.com/errata/RHSA-2017:1095Third Party Advisory
security-officer@isc.orghttps://access.redhat.com/errata/RHSA-2017:1105Third Party Advisory
security-officer@isc.orghttps://access.redhat.com/errata/RHSA-2017:1582Third Party Advisory
security-officer@isc.orghttps://access.redhat.com/errata/RHSA-2017:1583Third Party Advisory
security-officer@isc.orghttps://kb.isc.org/docs/aa-01466Vendor Advisory
security-officer@isc.orghttps://security.gentoo.org/glsa/201708-01Third Party Advisory
security-officer@isc.orghttps://security.netapp.com/advisory/ntap-20180802-0002/Third Party Advisory
security-officer@isc.orghttps://www.debian.org/security/2017/dsa-3854Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/97651Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1038258Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1040195Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1095Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1105Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1582Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1583Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://kb.isc.org/docs/aa-01466Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201708-01Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20180802-0002/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2017/dsa-3854Third Party Advisory



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:isc:bind:9.9.9:p6:*:*:*:*:*:*",
              "matchCriteriaId": "2BDE2752-E5CD-4AE6-A404-2C209F942B7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.9.9:s8:*:*:*:*:*:*",
              "matchCriteriaId": "0FE9D5AE-65D4-4744-9789-09AE3B1F4BAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.9.10:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "9C8F0163-FF32-44E0-B05C-F89263CD56A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.9.10:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "94C0C9FC-5CCF-4AD7-8D83-7B579102F7E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.10.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "70586A2A-AA52-48F5-B2B0-390CA77807E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.10.5:b1:*:*:*:*:*:*",
              "matchCriteriaId": "8C5A0370-9490-40CC-84E8-EEE95A6F233B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.10.5:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "CEC78396-4667-4A45-8DBD-0D0C2AAE1549",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.11.0:p3:*:*:*:*:*:*",
              "matchCriteriaId": "4D50373F-C1C4-4EC9-B94F-854C3444717D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.11.1:b1:*:*:*:*:*:*",
              "matchCriteriaId": "A923D26C-3BE1-492E-99CF-1BB14D8A6388",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.11.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "EEA791E2-27E0-49C5-9823-0C57647C788F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD6D0378-F0F4-4AAA-80AF-8287C790EC96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF83BB87-B203-48F9-9D06-48A5FE399050",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F3BEFDB-5156-4E1C-80BB-8BE9FEAA7623",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "16E6D998-B41D-4B49-9E00-8336D2E40A4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C8D871B-AEA1-4407-AEE3-47EC782250FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C81647C-9A53-481D-A54C-36770A093F90",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "44B067C7-735E-43C9-9188-7E1522A02491",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8442C20-41F9-47FD-9A12-E724D3A31FD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF77CDCF-B9C9-427D-B2BF-36650FB2148C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "835AE071-CEAE-49E5-8F0C-E5F50FB85EFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "13E02156-E748-4820-B76F-7074793837E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6755B6AD-0422-467B-8115-34A60B1D1A40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0C4B1E5-75BF-43AE-BBAC-0DD4124C71ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could lead to a situation in which named would exit with an assertion failure when processing a response in which records occurred in an unusual order. Affects BIND 9.9.9-P6, 9.9.10b1-\u003e9.9.10rc1, 9.10.4-P6, 9.10.5b1-\u003e9.10.5rc1, 9.11.0-P3, 9.11.1b1-\u003e9.11.1rc1, and 9.9.9-S8."
    },
    {
      "lang": "es",
      "value": "Las asunciones equivocadas sobre el orden de los registros en la secci\u00f3n de respuesta de una respuesta que contiene registros de recursos CNAME o DNAME podr\u00eda conducir a una situaci\u00f3n en la que named se cerrar\u00eda con un fallo de aserci\u00f3n al procesar una respuesta en la que los registros ocurrieron en un orden inusual. Afecta a BIND en versiones 9.9.9-P6, desde la versi\u00f3n 9.9.10b1 hasta la 9.9.10rc1, la versi\u00f3n 9.10.4-P6, desde la versi\u00f3n 9.10.5b1 hasta la 9.10.5rc1, la versi\u00f3n 9.11.0-P3, desde la versi\u00f3n 9.11.1b1 hasta la 9.11.1rc1 y en la versi\u00f3n 9.9.9-S8."
    }
  ],
  "id": "CVE-2017-3137",
  "lastModified": "2024-11-21T03:24:54.583",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "security-officer@isc.org",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-01-16T20:29:00.377",
  "references": [
    {
      "source": "security-officer@isc.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/97651"
    },
    {
      "source": "security-officer@isc.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1038258"
    },
    {
      "source": "security-officer@isc.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040195"
    },
    {
      "source": "security-officer@isc.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1095"
    },
    {
      "source": "security-officer@isc.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1105"
    },
    {
      "source": "security-officer@isc.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1582"
    },
    {
      "source": "security-officer@isc.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1583"
    },
    {
      "source": "security-officer@isc.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.isc.org/docs/aa-01466"
    },
    {
      "source": "security-officer@isc.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201708-01"
    },
    {
      "source": "security-officer@isc.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20180802-0002/"
    },
    {
      "source": "security-officer@isc.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2017/dsa-3854"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/97651"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1038258"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040195"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1095"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1105"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1582"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1583"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.isc.org/docs/aa-01466"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201708-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20180802-0002/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2017/dsa-3854"
    }
  ],
  "sourceIdentifier": "security-officer@isc.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-617"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-08-08 15:29
Modified
2024-11-21 03:05
Summary
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N).
References
secalert_us@oracle.comhttp://www.debian.org/security/2017/dsa-3919Third Party Advisory
secalert_us@oracle.comhttp://www.debian.org/security/2017/dsa-3954Third Party Advisory
secalert_us@oracle.comhttp://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlPatch, Vendor Advisory
secalert_us@oracle.comhttp://www.securityfocus.com/bid/99853Broken Link, Third Party Advisory, VDB Entry
secalert_us@oracle.comhttp://www.securitytracker.com/id/1038931Broken Link, Third Party Advisory, VDB Entry
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:1789Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:1790Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:1791Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:1792Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:2424Third Party Advisory
secalert_us@oracle.comhttps://security.gentoo.org/glsa/201709-22Third Party Advisory
secalert_us@oracle.comhttps://security.netapp.com/advisory/ntap-20170720-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2017/dsa-3919Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2017/dsa-3954Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/99853Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1038931Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1789Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1790Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1791Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1792Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2424Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201709-22Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20170720-0001/Third Party Advisory



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update151:*:*:*:*:*:*",
              "matchCriteriaId": "A3322D72-6B56-467E-90E5-5DCE0FA1F431",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update141:*:*:*:*:*:*",
              "matchCriteriaId": "C4D0E043-D34F-446D-879B-692E3CF500C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update131:*:*:*:*:*:*",
              "matchCriteriaId": "106E9F69-857A-42F8-A727-2650C896D3B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update151:*:*:*:*:*:*",
              "matchCriteriaId": "673DD72C-4FC8-406A-A24A-B06DD709649C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update141:*:*:*:*:*:*",
              "matchCriteriaId": "363C8E7E-2EEA-4308-A141-854B9EC17AAB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update131:*:*:*:*:*:*",
              "matchCriteriaId": "595FC4B7-418E-457C-ADCC-0A49A676D629",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62",
              "versionStartIncluding": "7.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB",
              "versionStartIncluding": "9.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "73F81EC3-4AB0-4CD7-B845-267C5974DE98",
              "versionEndIncluding": "11.70.1",
              "versionStartIncluding": "11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "698C6261-679D-45C1-A396-57AC96AD64D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BD81527-A341-42C3-9AB9-880D3DB04B08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*",
              "matchCriteriaId": "E32A4C2E-3DA6-4BE5-9D95-9F800B01ED9A",
              "versionEndIncluding": "7.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "1A79A7B7-2CE9-4F5E-B76D-01A882C66226",
              "versionEndIncluding": "7.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*",
              "matchCriteriaId": "3FA5E22C-489B-4C5F-A5F3-C03F45CA8811",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*",
              "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
              "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "1E35D95E-CCBF-4335-A4DB-02218BA172DE",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "13270F58-E106-48CE-9933-E68AABBBFC21",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "923F6B82-6A8B-4994-89F6-C430775D5234",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vsphere:*:*",
              "matchCriteriaId": "066C2961-E9C4-418E-82AF-1A7C35D5C085",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:*:vsphere:*:*",
              "matchCriteriaId": "C54F036F-C6F9-47B5-AFFA-DD3C1D08DD9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:virtual_storage_console:6.2.2:*:*:*:*:vsphere:*:*",
              "matchCriteriaId": "88B2E009-A457-4C3D-A8CF-84B7F3E8DA90",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en los componentes Java SE y Java SE Embedded de Oracle Java SE (subcomponente: Hotspot). Las versiones compatibles que se han visto afectadas son JavaSE: 6u151, 7u141 y 8u131; Java SE Embedded: 8u131. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante sin autenticar con acceso a red por HTTP comprometa la seguridad de Java SE y Java SE Embedded. Para que los ataques tengan \u00e9xito, se necesita la participaci\u00f3n de otra persona diferente del atacante. Los ataques exitosos a esta vulnerabilidad pueden resultar en el acceso no autorizado a la actualizaci\u00f3n, inserci\u00f3n o supresi\u00f3n de algunos de los datos accesibles de Java SE y Java SE Embedded. Nota: Esta vulnerabilidad se aplica a implementaciones Java, normalmente en clientes que ejecutan aplicaciones Java Web Start en sandbox o applets Java en sandbox que cargan y ejecutan c\u00f3digo que no es de confianza (por ejemplo, c\u00f3digo proveniente de internet) y que conf\u00edan en la sandbox de Java para protegerse. Esta vulnerabilidad no se aplica a implementaciones Java, normalmente en servidores, que s\u00f3lo cargan y ejecutan c\u00f3digo de confianza (por ejemplo, c\u00f3digo instalado por un administrador). CVSS 3.0 Base Score 4.3 (impactos en la integridad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)."
    }
  ],
  "id": "CVE-2017-10081",
  "lastModified": "2024-11-21T03:05:19.443",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-08-08T15:29:02.523",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-3919"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-3954"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/99853"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1038931"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1789"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1790"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1791"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1792"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2424"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201709-22"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-3919"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-3954"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/99853"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1038931"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1789"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1790"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1791"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1792"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2424"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201709-22"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-05-23 14:29
Modified
2024-11-21 04:16
Summary
An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeeper’s getACL() command doesn’t check any permission when retrieves the ACLs of the requested node and returns all information contained in the ACL Id field as plaintext string. DigestAuthenticationProvider overloads the Id field with the hash value that is used for user authentication. As a consequence, if Digest Authentication is in use, the unsalted hash value will be disclosed by getACL() request for unauthenticated or unprivileged users.
References
security@apache.orghttp://www.securityfocus.com/bid/108427Third Party Advisory, VDB Entry
security@apache.orghttps://access.redhat.com/errata/RHSA-2019:3140Third Party Advisory
security@apache.orghttps://access.redhat.com/errata/RHSA-2019:3892Third Party Advisory
security@apache.orghttps://access.redhat.com/errata/RHSA-2019:4352Third Party Advisory
security@apache.orghttps://issues.apache.org/jira/browse/ZOOKEEPER-1392Issue Tracking, Patch, Vendor Advisory
security@apache.orghttps://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/5d9a1cf41a5880557bf680b7321b4ab9a4d206c601ffb15fef6f196a%40%3Ccommits.accumulo.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/f6112882e30a31992a79e0a8c31ac179e9d0de7c708de3a9258d4391%40%3Cissues.bookkeeper.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/r40f32125c1d97ad82404cc918171d9e0fcf78e534256674e9da1eb4b%40%3Ccommon-issues.hadoop.apache.org%3E
security@apache.orghttps://lists.debian.org/debian-lts-announce/2019/05/msg00033.htmlMailing List, Third Party Advisory
security@apache.orghttps://seclists.org/bugtraq/2019/Jun/13Mailing List, Third Party Advisory
security@apache.orghttps://security.netapp.com/advisory/ntap-20190619-0001/Third Party Advisory
security@apache.orghttps://www.debian.org/security/2019/dsa-4461Third Party Advisory
security@apache.orghttps://www.oracle.com//security-alerts/cpujul2021.htmlPatch, Third Party Advisory
security@apache.orghttps://www.oracle.com/security-alerts/cpujul2020.htmlPatch, Third Party Advisory
security@apache.orghttps://www.oracle.com/security-alerts/cpuoct2020.htmlPatch, Third Party Advisory
security@apache.orghttps://zookeeper.apache.org/security.html#CVE-2019-0201Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/108427Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2019:3140Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2019:3892Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2019:4352Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://issues.apache.org/jira/browse/ZOOKEEPER-1392Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/5d9a1cf41a5880557bf680b7321b4ab9a4d206c601ffb15fef6f196a%40%3Ccommits.accumulo.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/f6112882e30a31992a79e0a8c31ac179e9d0de7c708de3a9258d4391%40%3Cissues.bookkeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r40f32125c1d97ad82404cc918171d9e0fcf78e534256674e9da1eb4b%40%3Ccommon-issues.hadoop.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2019/05/msg00033.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://seclists.org/bugtraq/2019/Jun/13Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20190619-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2019/dsa-4461Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com//security-alerts/cpujul2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujul2020.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2020.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://zookeeper.apache.org/security.html#CVE-2019-0201Vendor Advisory



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:activemq:5.15.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "70B11FEF-4CBF-4483-A5BD-CDA5AFAE52AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:drill:1.16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "235DC57F-22B8-4219-9499-7D005D90A654",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:zookeeper:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "19FD698D-914D-46C3-810B-F749CD0C0DE8",
              "versionEndIncluding": "3.4.13",
              "versionStartIncluding": "1.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:zookeeper:3.5.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "3B1074FD-02DC-4CDC-A8F2-4CE0827539B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:zookeeper:3.5.0:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "2F0F84E2-88CE-4350-B342-DA761D43682E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:zookeeper:3.5.0:rc0:*:*:*:*:*:*",
              "matchCriteriaId": "ACB3229A-F1BA-4AA7-916A-9061BE561AD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:zookeeper:3.5.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "0E5C9D62-F9A2-4961-8440-9DF6F5C213D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:zookeeper:3.5.1:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "A0C88D5A-86CD-41D3-B453-6060482E84E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:zookeeper:3.5.1:rc0:*:*:*:*:*:*",
              "matchCriteriaId": "24BEEE1F-5408-43F8-B662-B826349E97D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:zookeeper:3.5.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "4031DB88-F356-458F-BC77-91B62744A466",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:zookeeper:3.5.1:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "AB019BEC-6C42-4A51-9C45-389B6529CE96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:zookeeper:3.5.1:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "107E465A-A904-4198-8171-3D764B9F1C19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:zookeeper:3.5.1:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "D5DE5D25-B8A9-4172-80FF-D430D47AE96A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:zookeeper:3.5.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "3E2EB460-5B43-42E3-98AF-FB08B0C94957",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:zookeeper:3.5.2:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "9C89705C-D40E-4C7D-A019-809D32AC1A98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:zookeeper:3.5.2:rc0:*:*:*:*:*:*",
              "matchCriteriaId": "738C3017-324B-46AB-8D71-5202E31DBC97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:zookeeper:3.5.2:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "39BE8DA0-6839-4E59-838F-E0D6A4F96D3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:zookeeper:3.5.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "09C66E38-BDA9-42A6-8DBE-4E8781AE8394",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:zookeeper:3.5.3:beta:*:*:*:*:*:*",
              "matchCriteriaId": "81C99F52-0D85-41C8-A0DA-CE29C917ADDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:zookeeper:3.5.3:rc0:*:*:*:*:*:*",
              "matchCriteriaId": "9B94B4B9-2B39-4879-BC68-2E4DEC57650D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:zookeeper:3.5.3:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "3E6AADAF-368B-4143-AE49-736A4101D732",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:zookeeper:3.5.4:beta:*:*:*:*:*:*",
              "matchCriteriaId": "C392B5BC-1B19-49CB-B43F-D485EC4DC094",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:fuse:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F31D7E8-D31D-4268-9ABF-3733915AA226",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:goldengate_stream_analytics:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4E7F2AA-B851-4D85-9895-2CDD6BE9FCB4",
              "versionEndExcluding": "19.1.0.0.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:siebel_core_-_server_framework:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9C855EA-6E35-4EFF-ADEB-0EDFF90272BD",
              "versionEndIncluding": "21.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:timesten_in-memory_database:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CFFA207-BDA9-4088-890E-99D9A30421D8",
              "versionEndExcluding": "18.1.3.1.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:hci_bootstrap_os:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C767AA1-88B7-48F0-9F31-A89D16DCD52C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeeper\u2019s getACL() command doesn\u2019t check any permission when retrieves the ACLs of the requested node and returns all information contained in the ACL Id field as plaintext string. DigestAuthenticationProvider overloads the Id field with the hash value that is used for user authentication. As a consequence, if Digest Authentication is in use, the unsalted hash value will be disclosed by getACL() request for unauthenticated or unprivileged users."
    },
    {
      "lang": "es",
      "value": "Hay un problema presente en Apache ZooKeeper 1.0.0 a 3.4.13 y 3.5.0-alpha a 3.5.4-beta. El comando getACL () de ZooKeeper no verifica ning\u00fan permiso cuando recupera las ACL del nodo solicitado y devuelve toda la informaci\u00f3n contenida en el campo Id. De ACL como cadena de texto sin formato. DigestAuthenticationProvider sobrecarga el campo Id con el valor hash que se utiliza para la autenticaci\u00f3n del usuario. Como consecuencia, si la autenticaci\u00f3n impl\u00edcita est\u00e1 en uso, el valor hash sin sal ser\u00e1 revelado por la solicitud getACL () para usuarios no autenticados o no privilegiados."
    }
  ],
  "id": "CVE-2019-0201",
  "lastModified": "2024-11-21T04:16:28.487",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-05-23T14:29:07.517",
  "references": [
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/108427"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:3140"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:3892"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:4352"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://issues.apache.org/jira/browse/ZOOKEEPER-1392"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/5d9a1cf41a5880557bf680b7321b4ab9a4d206c601ffb15fef6f196a%40%3Ccommits.accumulo.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/f6112882e30a31992a79e0a8c31ac179e9d0de7c708de3a9258d4391%40%3Cissues.bookkeeper.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/r40f32125c1d97ad82404cc918171d9e0fcf78e534256674e9da1eb4b%40%3Ccommon-issues.hadoop.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00033.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2019/Jun/13"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20190619-0001/"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2019/dsa-4461"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://zookeeper.apache.org/security.html#CVE-2019-0201"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/108427"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:3140"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:3892"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:4352"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://issues.apache.org/jira/browse/ZOOKEEPER-1392"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/5d9a1cf41a5880557bf680b7321b4ab9a4d206c601ffb15fef6f196a%40%3Ccommits.accumulo.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/f6112882e30a31992a79e0a8c31ac179e9d0de7c708de3a9258d4391%40%3Cissues.bookkeeper.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r40f32125c1d97ad82404cc918171d9e0fcf78e534256674e9da1eb4b%40%3Ccommon-issues.hadoop.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00033.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2019/Jun/13"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20190619-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2019/dsa-4461"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://zookeeper.apache.org/security.html#CVE-2019-0201"
    }
  ],
  "sourceIdentifier": "security@apache.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-862"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-08-08 20:15
Modified
2024-11-21 06:16
Summary
btrfs in the Linux kernel before 5.13.4 allows attackers to cause a denial of service (deadlock) via processes that trigger allocation of new system chunks during times when there is a shortage of free space in the system space_info.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C85356F-2C6C-4FB9-B0CA-949711182223",
              "versionEndExcluding": "5.13.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:hci_bootstrap_os:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C767AA1-88B7-48F0-9F31-A89D16DCD52C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "02DEB4FB-A21D-4CB1-B522-EEE5093E8521",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "btrfs in the Linux kernel before 5.13.4 allows attackers to cause a denial of service (deadlock) via processes that trigger allocation of new system chunks during times when there is a shortage of free space in the system space_info."
    },
    {
      "lang": "es",
      "value": "btrfs en el kernel de Linux versiones anteriores a 5.13.4, permite a atacantes causar una denegaci\u00f3n de servicio (bloqueo) por medio de procesos que desencadenan la asignaci\u00f3n de nuevos trozos del sistema durante los momentos en que hay una escasez de espacio libre en el space_info del sistema"
    }
  ],
  "id": "CVE-2021-38203",
  "lastModified": "2024-11-21T06:16:39.090",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 2.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-08-08T20:15:07.217",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/torvalds/linux/commit/1cb3db1cf383a3c7dbda1aa0ce748b0958759947"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20210902-0010/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/torvalds/linux/commit/1cb3db1cf383a3c7dbda1aa0ce748b0958759947"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20210902-0010/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-667"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-08-08 15:29
Modified
2024-11-21 03:05
Summary
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Scripting). The supported version that is affected is Java SE: 8u131. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data as well as unauthorized access to critical data or complete access to all Java SE accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).
References
secalert_us@oracle.comhttp://www.debian.org/security/2017/dsa-3919Third Party Advisory
secalert_us@oracle.comhttp://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlPatch, Vendor Advisory
secalert_us@oracle.comhttp://www.securityfocus.com/bid/99752Broken Link, Third Party Advisory, VDB Entry
secalert_us@oracle.comhttp://www.securitytracker.com/id/1038931Broken Link, Third Party Advisory, VDB Entry
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:1789Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:1790Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:2469Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3453Third Party Advisory
secalert_us@oracle.comhttps://cert.vde.com/en-us/advisories/vde-2017-002Third Party Advisory
secalert_us@oracle.comhttps://security.gentoo.org/glsa/201709-22Third Party Advisory
secalert_us@oracle.comhttps://security.netapp.com/advisory/ntap-20170720-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2017/dsa-3919Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/99752Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1038931Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1789Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1790Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2469Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3453Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://cert.vde.com/en-us/advisories/vde-2017-002Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201709-22Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20170720-0001/Third Party Advisory
Impacted products
Vendor Product Version
oracle jdk 1.8.0
oracle jre 1.8.0
debian debian_linux 9.0
redhat satellite 5.8
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_eus 7.3
redhat enterprise_linux_eus 7.4
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_aus 7.3
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_server_tus 7.3
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_workstation 7.0
phoenixcontact fl_mguard_dm *
netapp active_iq_unified_manager *
netapp active_iq_unified_manager *
netapp cloud_backup -
netapp e-series_santricity_os_controller *
netapp e-series_santricity_storage_manager -
netapp element_software -
netapp oncommand_balance -
netapp oncommand_insight -
netapp oncommand_performance_manager -
netapp oncommand_shift -
netapp oncommand_unified_manager *
netapp oncommand_unified_manager *
netapp oncommand_unified_manager -
netapp plug-in_for_symantec_netbackup -
netapp snapmanager -
netapp snapmanager -
netapp steelstore_cloud_integrated_storage -
netapp storage_replication_adapter_for_clustered_data_ontap *
netapp vasa_provider_for_clustered_data_ontap *
netapp vasa_provider_for_clustered_data_ontap 6.0
netapp virtual_storage_console *
netapp virtual_storage_console 6.0
netapp virtual_storage_console 6.2.2



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update131:*:*:*:*:*:*",
              "matchCriteriaId": "106E9F69-857A-42F8-A727-2650C896D3B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update131:*:*:*:*:*:*",
              "matchCriteriaId": "595FC4B7-418E-457C-ADCC-0A49A676D629",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4F86C3C-B99C-44C6-97D7-163DC3F59687",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "807C024A-F8E8-4B48-A349-4C68CD252CA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:phoenixcontact:fl_mguard_dm:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8556AADE-54E7-4D1B-A5AB-D37EF3B4962E",
              "versionEndIncluding": "1.8.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62",
              "versionStartIncluding": "7.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB",
              "versionStartIncluding": "9.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "73F81EC3-4AB0-4CD7-B845-267C5974DE98",
              "versionEndIncluding": "11.70.1",
              "versionStartIncluding": "11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "698C6261-679D-45C1-A396-57AC96AD64D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BD81527-A341-42C3-9AB9-880D3DB04B08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*",
              "matchCriteriaId": "E32A4C2E-3DA6-4BE5-9D95-9F800B01ED9A",
              "versionEndIncluding": "7.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "1A79A7B7-2CE9-4F5E-B76D-01A882C66226",
              "versionEndIncluding": "7.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*",
              "matchCriteriaId": "3FA5E22C-489B-4C5F-A5F3-C03F45CA8811",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*",
              "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
              "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "1E35D95E-CCBF-4335-A4DB-02218BA172DE",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "13270F58-E106-48CE-9933-E68AABBBFC21",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "923F6B82-6A8B-4994-89F6-C430775D5234",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vsphere:*:*",
              "matchCriteriaId": "066C2961-E9C4-418E-82AF-1A7C35D5C085",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:*:vsphere:*:*",
              "matchCriteriaId": "C54F036F-C6F9-47B5-AFFA-DD3C1D08DD9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:virtual_storage_console:6.2.2:*:*:*:*:vsphere:*:*",
              "matchCriteriaId": "88B2E009-A457-4C3D-A8CF-84B7F3E8DA90",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Scripting). The supported version that is affected is Java SE: 8u131. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data as well as unauthorized access to critical data or complete access to all Java SE accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en el componente Java SE de Oracle Java SE (subcomponente: Scripting). La versi\u00f3n compatible afectada es Java SE: 8u131. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante con pocos privilegios que tenga acceso a red por HTTP comprometa la seguridad de Java SE. Los ataques exitosos a esta vulnerabilidad pueden resultar en el acceso no autorizado a la actualizaci\u00f3n, inserci\u00f3n o supresi\u00f3n de datos confidenciales o de todos los datos accesibles de Java SE, as\u00ed como el acceso sin autorizaci\u00f3n a datos de un nivel de importancia cr\u00edtico o todos los datos accesibles de Java SE. Nota: Esta vulnerabilidad puede ser explotada mediante aplicaciones Java Web Start en sandbox y applets Java en sandbox. Tambi\u00e9n puede ser explotada proporcionando datos a las API en los componentes especificados sin emplear aplicaciones Java Web Start en sandbox o applets Java en sandbox, como a trav\u00e9s de un servicio web. CVSS 3.0 Base Score 8.1 (impactos en la confidencialidad e integridad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)."
    }
  ],
  "id": "CVE-2017-10078",
  "lastModified": "2024-11-21T03:05:18.977",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-08-08T15:29:02.427",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-3919"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/99752"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1038931"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1789"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1790"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2469"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3453"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert.vde.com/en-us/advisories/vde-2017-002"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201709-22"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-3919"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/99752"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1038931"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1789"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1790"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2469"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3453"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert.vde.com/en-us/advisories/vde-2017-002"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201709-22"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-02-01 14:29
Modified
2024-11-21 04:10
Severity ?
Summary
An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption.
References
cve@mitre.orghttp://bugs.debian.org/878159Issue Tracking, Mailing List, Third Party Advisory
cve@mitre.orghttp://www.securityfocus.com/bid/102912Third Party Advisory, VDB Entry
cve@mitre.orghttps://access.redhat.com/errata/RHBA-2019:0327Third Party Advisory
cve@mitre.orghttps://access.redhat.com/errata/RHSA-2018:3092Patch, Third Party Advisory
cve@mitre.orghttps://security.netapp.com/advisory/ntap-20190404-0003/Third Party Advisory
cve@mitre.orghttps://sourceware.org/bugzilla/show_bug.cgi?id=22343Issue Tracking, Third Party Advisory
cve@mitre.orghttps://usn.ubuntu.com/4218-1/
cve@mitre.orghttps://usn.ubuntu.com/4416-1/
cve@mitre.orghttps://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://bugs.debian.org/878159Issue Tracking, Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/102912Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHBA-2019:0327Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:3092Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20190404-0003/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://sourceware.org/bugzilla/show_bug.cgi?id=22343Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/4218-1/
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/4416-1/
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlPatch, Third Party Advisory



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "495E9424-0BBA-4820-B793-031DDAC80417",
              "versionEndIncluding": "2.26",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB28F9AF-3D06-4532-B397-96D7E4792503",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_border_controller:8.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F59AE20-7B9D-47A5-9E0D-A73F4A0E7D34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_border_controller:8.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D4AF039-F3B6-45EB-A87E-8BCCF822AE23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_border_controller:8.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "404A4EE8-6572-4B35-8C6A-A3CB8F1308A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_communications_broker:3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "17C9CFFB-0F3A-4E59-B6C9-9C8A20BB9B91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_communications_broker:3.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E11C65C3-1B17-4362-A99C-59583081A24D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0C4B1E5-75BF-43AE-BBAC-0DD4124C71ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:element_software_management:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E63EEA7-05AB-4B1C-9061-AF357566DCDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storage_replication_adapter:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E82538D3-D912-4943-AFFB-34B8EBB33C6A",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:vasa_provider:*:*:*:*:*:clustered_data_ontap:*:*",
              "matchCriteriaId": "C57F75D8-DF7A-49D1-BB27-FF21661107B3",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:vasa_provider:6.x:*:*:*:*:clustered_data_ontap:*:*",
              "matchCriteriaId": "DFA159F3-FFE5-4488-9547-8649F285C0C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "B7B42CB6-3C14-4183-AFA8-C3682F8B54AB",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:virtual_storage_console:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1D07062-AA59-49D9-9F27-F2024B873266",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption."
    },
    {
      "lang": "es",
      "value": "Un desbordamiento de enteros en la implementaci\u00f3n de posix_memalign en las funciones memalign en GNU C Library (tambi\u00e9n conocido como glibc o libc6) en versiones 2.26 y anteriores podr\u00eda provocar que estas funciones devuelvan un puntero a un \u00e1rea de la memoria din\u00e1mica (heap) demasiado peque\u00f1a, pudiendo corromper el heap."
    }
  ],
  "id": "CVE-2018-6485",
  "lastModified": "2024-11-21T04:10:45.230",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-02-01T14:29:00.623",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://bugs.debian.org/878159"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102912"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHBA-2019:0327"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:3092"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20190404-0003/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22343"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://usn.ubuntu.com/4218-1/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://usn.ubuntu.com/4416-1/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://bugs.debian.org/878159"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102912"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHBA-2019:0327"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:3092"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20190404-0003/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22343"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://usn.ubuntu.com/4218-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://usn.ubuntu.com/4416-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-190"
        },
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-07-07 13:15
Modified
2024-11-21 07:05
Summary
When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client.
References
support@hackerone.comhttp://seclists.org/fulldisclosure/2022/Oct/28Mailing List, Third Party Advisory
support@hackerone.comhttp://seclists.org/fulldisclosure/2022/Oct/41Mailing List, Third Party Advisory
support@hackerone.comhttps://hackerone.com/reports/1590071Exploit, Third Party Advisory
support@hackerone.comhttps://lists.debian.org/debian-lts-announce/2022/08/msg00017.htmlMailing List, Third Party Advisory
support@hackerone.comhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/Mailing List, Third Party Advisory
support@hackerone.comhttps://security.gentoo.org/glsa/202212-01Third Party Advisory
support@hackerone.comhttps://security.netapp.com/advisory/ntap-20220915-0003/Third Party Advisory
support@hackerone.comhttps://support.apple.com/kb/HT213488Third Party Advisory
support@hackerone.comhttps://www.debian.org/security/2022/dsa-5197Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2022/Oct/28Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2022/Oct/41Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://hackerone.com/reports/1590071Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2022/08/msg00017.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/202212-01Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20220915-0003/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.apple.com/kb/HT213488Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2022/dsa-5197Third Party Advisory



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1F67AD5-9AB1-490D-B2A2-383B6A5066FB",
              "versionEndExcluding": "7.84.0",
              "versionStartIncluding": "7.16.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
              "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FE996B1-6951-4F85-AA58-B99A379D2163",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "95BA156C-C977-4F0C-8DFB-3FAE9CC8C02D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "71E032AD-F827-4944-9699-BB1E6D4233FC",
              "versionEndExcluding": "13.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5722E753-75DE-4944-A11B-556CB299B57D",
              "versionEndExcluding": "8.2.12",
              "versionStartIncluding": "8.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC0F9351-81A4-4FEA-B6B5-6E960A933D32",
              "versionEndExcluding": "9.0.6",
              "versionStartIncluding": "9.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EED24E67-2957-4C1B-8FEA-E2D2FE7B97FC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "When curl \u003c 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client."
    },
    {
      "lang": "es",
      "value": "Cuando curl versiones anteriores a 7.84.0, hace transferencias FTP aseguradas por krb5, maneja inapropiadamente los fallos de verificaci\u00f3n de mensajes. Este fallo hace posible que un ataque de tipo Man-In-The-Middle pase desapercibido e incluso permite inyectar datos al cliente"
    }
  ],
  "id": "CVE-2022-32208",
  "lastModified": "2024-11-21T07:05:55.503",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-07-07T13:15:08.467",
  "references": [
    {
      "source": "support@hackerone.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2022/Oct/28"
    },
    {
      "source": "support@hackerone.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2022/Oct/41"
    },
    {
      "source": "support@hackerone.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://hackerone.com/reports/1590071"
    },
    {
      "source": "support@hackerone.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html"
    },
    {
      "source": "support@hackerone.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/"
    },
    {
      "source": "support@hackerone.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202212-01"
    },
    {
      "source": "support@hackerone.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20220915-0003/"
    },
    {
      "source": "support@hackerone.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.apple.com/kb/HT213488"
    },
    {
      "source": "support@hackerone.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5197"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2022/Oct/28"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2022/Oct/41"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://hackerone.com/reports/1590071"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202212-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20220915-0003/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.apple.com/kb/HT213488"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5197"
    }
  ],
  "sourceIdentifier": "support@hackerone.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-840"
        }
      ],
      "source": "support@hackerone.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-08-08 15:29
Modified
2024-11-21 03:05
Summary
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 7u141 and 8u131. Difficult to exploit vulnerability allows physical access to compromise Java SE. While the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: Applies to deployment of Java where the Java Auto Update is enabled. CVSS 3.0 Base Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H).



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update141:*:*:*:*:*:*",
              "matchCriteriaId": "C4D0E043-D34F-446D-879B-692E3CF500C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update131:*:*:*:*:*:*",
              "matchCriteriaId": "106E9F69-857A-42F8-A727-2650C896D3B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update141:*:*:*:*:*:*",
              "matchCriteriaId": "363C8E7E-2EEA-4308-A141-854B9EC17AAB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update131:*:*:*:*:*:*",
              "matchCriteriaId": "595FC4B7-418E-457C-ADCC-0A49A676D629",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62",
              "versionStartIncluding": "7.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB",
              "versionStartIncluding": "9.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "73F81EC3-4AB0-4CD7-B845-267C5974DE98",
              "versionEndIncluding": "11.70.1",
              "versionStartIncluding": "11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "698C6261-679D-45C1-A396-57AC96AD64D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BD81527-A341-42C3-9AB9-880D3DB04B08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*",
              "matchCriteriaId": "E32A4C2E-3DA6-4BE5-9D95-9F800B01ED9A",
              "versionEndIncluding": "7.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "1A79A7B7-2CE9-4F5E-B76D-01A882C66226",
              "versionEndIncluding": "7.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*",
              "matchCriteriaId": "3FA5E22C-489B-4C5F-A5F3-C03F45CA8811",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*",
              "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
              "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "1E35D95E-CCBF-4335-A4DB-02218BA172DE",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:9.6:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "B92F025C-D612-4A64-B138-E6B4B113B504",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "13270F58-E106-48CE-9933-E68AABBBFC21",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "923F6B82-6A8B-4994-89F6-C430775D5234",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "B7B42CB6-3C14-4183-AFA8-C3682F8B54AB",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "2AA40F7F-504D-47A9-9778-EC4CE46EB8BF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 7u141 and 8u131. Difficult to exploit vulnerability allows physical access to compromise Java SE. While the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: Applies to deployment of Java where the Java Auto Update is enabled. CVSS 3.0 Base Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en el componente Java SE de Oracle Java SE (subcomponente: Deployment). Las versiones compatibles que se han visto afectadas son Java SE: 7u141 y 8u131. Una vulnerabilidad dif\u00edcilmente explotable permite el acceso f\u00edsico, lo que compromete la seguridad de Java SE. Aunque la vulnerabilidad est\u00e1 presente en Java SE, los ataques podr\u00edan afectar seriamente a productos adicionales. Los ataques exitosos a esta vulnerabilidad pueden resultar en la toma de control de Java SE. Nota: Se aplica a la implementaci\u00f3n de Java cuando Java Auto Update est\u00e1 habilitado. CVSS 3.0 Base Score 7.1 (impactos en la confidencialidad, integridad y disponibilidad). Vector CVSS: (CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)."
    }
  ],
  "id": "CVE-2017-10125",
  "lastModified": "2024-11-21T03:05:26.233",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.4,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "PHYSICAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.5,
        "impactScore": 6.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-08-08T15:29:04.087",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/bid/99809"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securitytracker.com/id/1038931"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201709-22"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/bid/99809"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securitytracker.com/id/1038931"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201709-22"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-11-09 07:15
Modified
2024-11-21 07:28
Summary
An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16.
References
cve@mitre.orghttps://github.com/python/cpython/issues/98433Exploit, Patch, Third Party Advisory
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2023/05/msg00024.html
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2023/06/msg00039.html
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2AOUKI72ACV6CHY2QUFO6VK2DNMVJ2MB/
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/35YDIWCUMWTMDBWFRAVENFH6BLB65D6S/
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4WBZJNSALFGMPYTINIF57HAAK46U72WQ/
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63FS6VHY4DCS74HBTEINUDOECQ2X6ZCH/
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WQPHKGNXUJC3TC3BDW5RKGROWRJVSFR/
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B3YI6JYARWU6GULWOHNUROSACT54XFFS/
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B4MYQ3IV6NWA4CKSXEHW45CH2YNDHEPH/
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BWJREJHWVRBYDP43YB5WRL3QC7UBA7BR/
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTPVDZDATRQFE6KAT6B4BQIQ4GRHIIIJ/
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN26PWZTYG6IF3APLRXQJBVACQHZUPT2/
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JCDJXNBHWXNYUTOEV4H2HCFSRKV3SYL3/
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JTYVESWVBPD57ZJC35G5722Q6TS37WSB/
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KNE4GMD45RGC2HWUAAIGTDHT5VJ2E4O4/
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKWAMPURWUV3DCCT4J7VHRF4NT2CFVBR/
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O67LRHDTJWH544KXB6KY4HMHQLYDXFPK/
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORVCQGJCCAVLN4DJDTWGREFCUWXKQRML/
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PLQ2BNZVBBAQPV3SPRU24ZD37UYJJS7W/
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QCKD4AFBHXIMHS64ZER2U7QRT33HNE7L/
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QLUGZSEAO3MBWGKCUSMKQIRYJZKJCIOB/
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RDK3ZZBRYFO47ET3N4BNTKVXN47U6ICY/
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RH57BNT4VQERGEJ5SXNXSVMDYP66YD4H/
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTN2OOLKYTG34DODUEJGT5MLC2PFGPBA/
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T3D5TX4TDJPXHXD2QICKTY3OCQC3JARP/
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UHVW73QZJMHA4MK7JBT7CXX7XSNYQEGF/
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMDX6IFKLOA3NXUQEV524L5LHTPI2JI/
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3EJ6J7PXVQOULBQZQGBXCXY6LFF6LZD/
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XXZJL3CNAFS5PAIR7K4RL62S3Y7THR7O/
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPNWZKXPKTNHS5FVMN7UQZ2UPCSEFJUK/
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB5YCMIRVX35RUB6XPOWKENCVCJEVDRK/
cve@mitre.orghttps://security.gentoo.org/glsa/202305-02Third Party Advisory
cve@mitre.orghttps://security.netapp.com/advisory/ntap-20221209-0007/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/python/cpython/issues/98433Exploit, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2AOUKI72ACV6CHY2QUFO6VK2DNMVJ2MB/
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/35YDIWCUMWTMDBWFRAVENFH6BLB65D6S/
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4WBZJNSALFGMPYTINIF57HAAK46U72WQ/
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63FS6VHY4DCS74HBTEINUDOECQ2X6ZCH/
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WQPHKGNXUJC3TC3BDW5RKGROWRJVSFR/
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B3YI6JYARWU6GULWOHNUROSACT54XFFS/
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B4MYQ3IV6NWA4CKSXEHW45CH2YNDHEPH/
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BWJREJHWVRBYDP43YB5WRL3QC7UBA7BR/
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTPVDZDATRQFE6KAT6B4BQIQ4GRHIIIJ/
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN26PWZTYG6IF3APLRXQJBVACQHZUPT2/
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JCDJXNBHWXNYUTOEV4H2HCFSRKV3SYL3/
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JTYVESWVBPD57ZJC35G5722Q6TS37WSB/
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KNE4GMD45RGC2HWUAAIGTDHT5VJ2E4O4/
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKWAMPURWUV3DCCT4J7VHRF4NT2CFVBR/
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O67LRHDTJWH544KXB6KY4HMHQLYDXFPK/
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORVCQGJCCAVLN4DJDTWGREFCUWXKQRML/
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PLQ2BNZVBBAQPV3SPRU24ZD37UYJJS7W/
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QCKD4AFBHXIMHS64ZER2U7QRT33HNE7L/
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QLUGZSEAO3MBWGKCUSMKQIRYJZKJCIOB/
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RDK3ZZBRYFO47ET3N4BNTKVXN47U6ICY/
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RH57BNT4VQERGEJ5SXNXSVMDYP66YD4H/
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTN2OOLKYTG34DODUEJGT5MLC2PFGPBA/
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T3D5TX4TDJPXHXD2QICKTY3OCQC3JARP/
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UHVW73QZJMHA4MK7JBT7CXX7XSNYQEGF/
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMDX6IFKLOA3NXUQEV524L5LHTPI2JI/
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3EJ6J7PXVQOULBQZQGBXCXY6LFF6LZD/
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XXZJL3CNAFS5PAIR7K4RL62S3Y7THR7O/
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPNWZKXPKTNHS5FVMN7UQZ2UPCSEFJUK/
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB5YCMIRVX35RUB6XPOWKENCVCJEVDRK/
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/202305-02Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20221209-0007/Third Party Advisory



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "20A23D09-CFA7-4028-A5E9-7AD784C2B9D8",
              "versionEndIncluding": "3.7.15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E43ADF1-EABE-45A4-96BE-F1E018ADAEE3",
              "versionEndIncluding": "3.8.15",
              "versionStartIncluding": "3.8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FB09E1E-A9D2-494E-9481-1BBA00D3CFEC",
              "versionEndIncluding": "3.9.15",
              "versionStartIncluding": "3.9.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2415C537-F33F-496E-BD1C-65887C29FA0B",
              "versionEndIncluding": "3.10.8",
              "versionStartIncluding": "3.10.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:python:python:3.11.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "E533460B-E5D6-4C30-A36B-15E2DDF4121C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:python:python:3.11.0:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "514A577E-5E60-40BA-ABD0-A8C5EB28BD90",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:python:python:3.11.0:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "83B71795-9C81-4E5F-967C-C11808F24B05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:python:python:3.11.0:alpha3:*:*:*:*:*:*",
              "matchCriteriaId": "3F6F71F3-299E-4A4B-ADD1-EAD5A1D433E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:python:python:3.11.0:alpha4:*:*:*:*:*:*",
              "matchCriteriaId": "D9BBF4E9-EA54-41B5-948E-8E3D2660B7EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:python:python:3.11.0:alpha5:*:*:*:*:*:*",
              "matchCriteriaId": "AEBFDCE7-81D4-4741-BB88-12C704515F5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:python:python:3.11.0:alpha6:*:*:*:*:*:*",
              "matchCriteriaId": "156EB4C2-EFB7-4CEB-804D-93DB62992A63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:python:python:3.11.0:alpha7:*:*:*:*:*:*",
              "matchCriteriaId": "8CC972AE-16A8-4B74-A3E7-36BCDD7C1ED3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:python:python:3.11.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "554015CB-0325-438B-8C11-0F85F54ABC50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:python:python:3.11.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "8037C129-0030-455E-A359-98E14D1498D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:python:python:3.11.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "7C3DC43B-72CC-4FC5-8072-F051FB47F6D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:python:python:3.11.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "6657ED60-908B-48E6-B95B-572E57CFBB69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:python:python:3.11.0:beta5:*:*:*:*:*:*",
              "matchCriteriaId": "1EF628A1-82F5-403C-B527-388C13507CDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:python:python:3.11.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "3055A198-13F8-42C0-8FD7-316AA8984A8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:python:python:3.11.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "03591292-46A3-4F6C-9DC6-4C7BFC4C8743",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
              "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
              "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
              "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "24B8DB06-590A-4008-B0AB-FCD1401C77C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:hci:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A6E548F-62E9-40CB-85DA-FDAA0F0096C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:management_services_for_element_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "86B51137-28D9-41F2-AFA2-3CC22B4954D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7CF3019-975D-40BB-A8A4-894E62BD3797",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "95BA156C-C977-4F0C-8DFB-3FAE9CC8C02D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16."
    },
    {
      "lang": "es",
      "value": "Se descubri\u00f3 un problema en Python antes de la versi\u00f3n 3.11.1. Existe un algoritmo cuadr\u00e1tico innecesario en una ruta cuando se procesan algunas entradas al decodificador IDNA (RFC 3490), de modo que un nombre elaborado e irrazonablemente largo que se presente al decodificador podr\u00eda provocar una denegaci\u00f3n de servicio de la CPU. Los nombres de host suelen ser proporcionados por servidores remotos que podr\u00edan estar controlados por un actor malicioso; en tal escenario, podr\u00edan desencadenar un consumo excesivo de CPU en el cliente que intenta hacer uso de un supuesto nombre de host proporcionado por el atacante. Por ejemplo, el payload del ataque podr\u00eda colocarse en el encabezado Ubicaci\u00f3n de una respuesta HTTP con el c\u00f3digo de estado 302. Est\u00e1 prevista una soluci\u00f3n en 3.11.1, 3.10.9, 3.9.16, 3.8.16 y 3.7.16."
    }
  ],
  "id": "CVE-2022-45061",
  "lastModified": "2024-11-21T07:28:42.067",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-11-09T07:15:09.887",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/python/cpython/issues/98433"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2AOUKI72ACV6CHY2QUFO6VK2DNMVJ2MB/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/35YDIWCUMWTMDBWFRAVENFH6BLB65D6S/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4WBZJNSALFGMPYTINIF57HAAK46U72WQ/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63FS6VHY4DCS74HBTEINUDOECQ2X6ZCH/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WQPHKGNXUJC3TC3BDW5RKGROWRJVSFR/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B3YI6JYARWU6GULWOHNUROSACT54XFFS/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B4MYQ3IV6NWA4CKSXEHW45CH2YNDHEPH/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BWJREJHWVRBYDP43YB5WRL3QC7UBA7BR/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTPVDZDATRQFE6KAT6B4BQIQ4GRHIIIJ/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN26PWZTYG6IF3APLRXQJBVACQHZUPT2/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JCDJXNBHWXNYUTOEV4H2HCFSRKV3SYL3/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JTYVESWVBPD57ZJC35G5722Q6TS37WSB/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KNE4GMD45RGC2HWUAAIGTDHT5VJ2E4O4/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKWAMPURWUV3DCCT4J7VHRF4NT2CFVBR/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O67LRHDTJWH544KXB6KY4HMHQLYDXFPK/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORVCQGJCCAVLN4DJDTWGREFCUWXKQRML/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PLQ2BNZVBBAQPV3SPRU24ZD37UYJJS7W/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QCKD4AFBHXIMHS64ZER2U7QRT33HNE7L/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QLUGZSEAO3MBWGKCUSMKQIRYJZKJCIOB/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RDK3ZZBRYFO47ET3N4BNTKVXN47U6ICY/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RH57BNT4VQERGEJ5SXNXSVMDYP66YD4H/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTN2OOLKYTG34DODUEJGT5MLC2PFGPBA/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T3D5TX4TDJPXHXD2QICKTY3OCQC3JARP/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UHVW73QZJMHA4MK7JBT7CXX7XSNYQEGF/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMDX6IFKLOA3NXUQEV524L5LHTPI2JI/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3EJ6J7PXVQOULBQZQGBXCXY6LFF6LZD/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XXZJL3CNAFS5PAIR7K4RL62S3Y7THR7O/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPNWZKXPKTNHS5FVMN7UQZ2UPCSEFJUK/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB5YCMIRVX35RUB6XPOWKENCVCJEVDRK/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202305-02"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20221209-0007/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/python/cpython/issues/98433"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2AOUKI72ACV6CHY2QUFO6VK2DNMVJ2MB/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/35YDIWCUMWTMDBWFRAVENFH6BLB65D6S/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4WBZJNSALFGMPYTINIF57HAAK46U72WQ/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63FS6VHY4DCS74HBTEINUDOECQ2X6ZCH/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WQPHKGNXUJC3TC3BDW5RKGROWRJVSFR/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B3YI6JYARWU6GULWOHNUROSACT54XFFS/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B4MYQ3IV6NWA4CKSXEHW45CH2YNDHEPH/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BWJREJHWVRBYDP43YB5WRL3QC7UBA7BR/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTPVDZDATRQFE6KAT6B4BQIQ4GRHIIIJ/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN26PWZTYG6IF3APLRXQJBVACQHZUPT2/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JCDJXNBHWXNYUTOEV4H2HCFSRKV3SYL3/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JTYVESWVBPD57ZJC35G5722Q6TS37WSB/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KNE4GMD45RGC2HWUAAIGTDHT5VJ2E4O4/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKWAMPURWUV3DCCT4J7VHRF4NT2CFVBR/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O67LRHDTJWH544KXB6KY4HMHQLYDXFPK/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORVCQGJCCAVLN4DJDTWGREFCUWXKQRML/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PLQ2BNZVBBAQPV3SPRU24ZD37UYJJS7W/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QCKD4AFBHXIMHS64ZER2U7QRT33HNE7L/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QLUGZSEAO3MBWGKCUSMKQIRYJZKJCIOB/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RDK3ZZBRYFO47ET3N4BNTKVXN47U6ICY/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RH57BNT4VQERGEJ5SXNXSVMDYP66YD4H/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTN2OOLKYTG34DODUEJGT5MLC2PFGPBA/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T3D5TX4TDJPXHXD2QICKTY3OCQC3JARP/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UHVW73QZJMHA4MK7JBT7CXX7XSNYQEGF/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMDX6IFKLOA3NXUQEV524L5LHTPI2JI/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3EJ6J7PXVQOULBQZQGBXCXY6LFF6LZD/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XXZJL3CNAFS5PAIR7K4RL62S3Y7THR7O/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPNWZKXPKTNHS5FVMN7UQZ2UPCSEFJUK/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB5YCMIRVX35RUB6XPOWKENCVCJEVDRK/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202305-02"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20221209-0007/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-407"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-06-04 13:15
Modified
2024-11-21 05:01
Summary
ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim's ntpd instance.
References
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2020-07/msg00005.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2020-07/msg00044.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://support.ntp.org/bin/view/Main/NtpBug3596Vendor Advisory
cve@mitre.orghttps://bugs.ntp.org/show_bug.cgi?id=3596Issue Tracking, Vendor Advisory
cve@mitre.orghttps://security.gentoo.org/glsa/202007-12Third Party Advisory
cve@mitre.orghttps://security.netapp.com/advisory/ntap-20200625-0004/Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpujan2022.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00005.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00044.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://support.ntp.org/bin/view/Main/NtpBug3596Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugs.ntp.org/show_bug.cgi?id=3596Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/202007-12Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20200625-0004/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2022.htmlPatch, Third Party Advisory
Impacted products
Vendor Product Version
ntp ntp *
ntp ntp *
ntp ntp 4.2.8
ntp ntp 4.2.8
ntp ntp 4.2.8
ntp ntp 4.2.8
ntp ntp 4.2.8
ntp ntp 4.2.8
ntp ntp 4.2.8
ntp ntp 4.2.8
ntp ntp 4.2.8
ntp ntp 4.2.8
ntp ntp 4.2.8
ntp ntp 4.2.8
ntp ntp 4.2.8
ntp ntp 4.2.8
ntp ntp 4.2.8
ntp ntp 4.2.8
ntp ntp 4.2.8
ntp ntp 4.2.8
ntp ntp 4.2.8
ntp ntp 4.2.8
ntp ntp 4.2.8
ntp ntp 4.2.8
ntp ntp 4.2.8
ntp ntp 4.2.8
ntp ntp 4.2.8
ntp ntp 4.2.8
ntp ntp 4.2.8
netapp cloud_backup -
netapp clustered_data_ontap -
netapp data_ontap -
netapp element_software -
netapp hci_management_node -
netapp ontap_tools -
netapp solidfire -
netapp steelstore_cloud_integrated_storage -
netapp hci_compute_node_firmware -
netapp hci_compute_node -
netapp h410c_firmware -
netapp h410c -
netapp h300s_firmware -
netapp h300s -
netapp h500s_firmware -
netapp h500s -
netapp h700s_firmware -
netapp h700s -
netapp h300e_firmware -
netapp h300e -
netapp h500e_firmware -
netapp h500e -
netapp h700e_firmware -
netapp h700e -
netapp h410s_firmware -
netapp h410s -
opensuse leap 15.1
opensuse leap 15.2
fujitsu m10-1_firmware *
fujitsu m10-1 -
fujitsu m10-4_firmware *
fujitsu m10-4 -
fujitsu m10-4s_firmware *
fujitsu m10-4s -
fujitsu m12-1_firmware *
fujitsu m12-1 -
fujitsu m12-2_firmware *
fujitsu m12-2 -
fujitsu m12-2s_firmware *
fujitsu m12-2s -
fujitsu m10-4_firmware *
fujitsu m10-4 -
fujitsu m10-4s_firmware *
fujitsu m10-4s -
fujitsu m12-1_firmware *
fujitsu m12-1 -
fujitsu m12-2_firmware *
fujitsu m12-2 -
fujitsu m12-2s_firmware *
fujitsu m12-2s -



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CED3C1F7-6FFA-44D1-BC56-2BB1963F3B9F",
              "versionEndExcluding": "4.2.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB8D7864-41B0-443E-96CF-B011B95223F0",
              "versionEndExcluding": "4.3.100",
              "versionStartIncluding": "4.3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:-:*:*:*:*:*:*",
              "matchCriteriaId": "EEA51D83-5841-4335-AF07-7A43C118CAAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1:*:*:*:*:*:*",
              "matchCriteriaId": "C855BBD2-2B38-4EFF-9DBE-CA61CCACD0DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta1:*:*:*:*:*:*",
              "matchCriteriaId": "49ADE0C3-F75C-4EC0-8805-56013F0EB92C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta2:*:*:*:*:*:*",
              "matchCriteriaId": "D8FF625A-EFA3-43D1-8698-4A37AE31A07C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta3:*:*:*:*:*:*",
              "matchCriteriaId": "E3B99BBD-97FE-4615-905A-A614592226F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta4:*:*:*:*:*:*",
              "matchCriteriaId": "E7A9AD3A-F030-4331-B52A-518BD963AB8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta5:*:*:*:*:*:*",
              "matchCriteriaId": "C293B8BE-6691-4944-BCD6-25EB98CABC73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc1:*:*:*:*:*:*",
              "matchCriteriaId": "CEA650F8-2576-494A-A861-61572CA319D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc2:*:*:*:*:*:*",
              "matchCriteriaId": "4ED21EE8-7CBF-4BC5-BFC3-185D41296238",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p10:*:*:*:*:*:*",
              "matchCriteriaId": "0BC62D4E-D519-458C-BE4E-10DDB73A97D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p11:*:*:*:*:*:*",
              "matchCriteriaId": "1C420117-862A-41A9-BAE8-8B3478FAEBC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p12:*:*:*:*:*:*",
              "matchCriteriaId": "4A484251-3220-498C-83FE-A04B013A31A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p13:*:*:*:*:*:*",
              "matchCriteriaId": "E0CE4157-852B-42ED-A77C-8A17B189432E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2:*:*:*:*:*:*",
              "matchCriteriaId": "C76A0B44-13DE-4173-8D05-DA54F6A71759",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1450241C-2F6D-4122-B33C-D78D065BA403",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc2:*:*:*:*:*:*",
              "matchCriteriaId": "721AFD22-91D3-488E-A5E6-DD84C86E412B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc3:*:*:*:*:*:*",
              "matchCriteriaId": "8D6ADDB1-2E96-4FF6-AE95-4B06654D38B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3:*:*:*:*:*:*",
              "matchCriteriaId": "41E44E9F-6383-4E12-AEDC-B653FEA77A48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc1:*:*:*:*:*:*",
              "matchCriteriaId": "466D9A37-2658-4695-9429-0C6BF4A631C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc2:*:*:*:*:*:*",
              "matchCriteriaId": "99774181-5F12-446C-AC2C-DB1C52295EED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc3:*:*:*:*:*:*",
              "matchCriteriaId": "4427EE6D-3F79-4FF5-B3EC-EE6BD01562CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p4:*:*:*:*:*:*",
              "matchCriteriaId": "99C71C00-7222-483B-AEFB-159337BD3C92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p5:*:*:*:*:*:*",
              "matchCriteriaId": "75A9AA28-1B20-44BB-815C-7294A53E910E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p6:*:*:*:*:*:*",
              "matchCriteriaId": "8C213794-111D-41F3-916C-AD97F731D600",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p7:*:*:*:*:*:*",
              "matchCriteriaId": "50811A7B-0379-4437-8737-B4C1ACBC9EFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p8:*:*:*:*:*:*",
              "matchCriteriaId": "F12E4CF5-536C-416B-AD8D-6AE7CBE22C71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p9:*:*:*:*:*:*",
              "matchCriteriaId": "EE002C76-406D-4F22-B738-E17BDEA70BCC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FE996B1-6951-4F85-AA58-B99A379D2163",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:data_ontap:-:*:*:*:*:7-mode:*:*",
              "matchCriteriaId": "6C2ACC32-5147-4EA5-95BE-B6B4EAB3D82B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:ontap_tools:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "CBCC384C-5DF0-41AB-B17B-6E9B6CAE8065",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:hci_compute_node_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F921BC85-568E-4B69-A3CD-CF75C76672F1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "108A2215-50FB-4074-94CF-C130FA14566D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AFC73CE-ABB9-42D3-9A71-3F5BC5381E0E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "32F0B6C0-F930-480D-962B-3F4EFDCC13C7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "803BC414-B250-4E3A-A478-A3881340D6B8",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FEB3337-BFDE-462A-908B-176F92053CEC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "736AEAE9-782B-4F71-9893-DED53367E102",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E63B7B2-409A-476E-BA12-2A2D2F3B85DE",
              "versionEndExcluding": "xcp2410",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:fujitsu:m10-1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "983D27DE-BC89-454E-AE47-95A26A3651E2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADB5D4C9-DA14-4188-9181-17336F9445F6",
              "versionEndExcluding": "xcp2410",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:fujitsu:m10-4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5825AEE1-B668-40BD-86A9-2799430C742C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B65E2F3-57EC-46C0-BB4A-0A0F3F8D387E",
              "versionEndExcluding": "xcp2410",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DA2D526-BDCF-4A65-914A-B3BA3A0CD613",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "90B7CFBF-761C-4EAA-A322-EF5E294AADED",
              "versionEndExcluding": "xcp2410",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:fujitsu:m12-1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE0CF40B-E5BD-4558-9321-184D58EF621D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "48B28ABF-7E1A-4A1E-8F78-0D95D7BDF886",
              "versionEndExcluding": "xcp2410",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:fujitsu:m12-2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F3C9C09-7B2B-4DB6-8BE0-35302ED35776",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E74AAF52-1388-4BD9-B17B-3A6A32CA3608",
              "versionEndExcluding": "xcp2410",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:fujitsu:m12-2s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "95503CE5-1D06-4092-A60D-D310AADCAFB1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FC0460E-4695-44FB-99EE-28B2C957B760",
              "versionEndExcluding": "xcp3110",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:fujitsu:m10-4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5825AEE1-B668-40BD-86A9-2799430C742C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD54A092-85A7-4459-9C69-19E6E24AC24B",
              "versionEndExcluding": "xcp3110",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DA2D526-BDCF-4A65-914A-B3BA3A0CD613",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F813DBC-BA1E-4C73-AA11-1BD3F9508372",
              "versionEndExcluding": "xcp3110",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:fujitsu:m12-1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE0CF40B-E5BD-4558-9321-184D58EF621D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFDF4F39-1C6C-4AD3-99CF-BD5B44B8C71B",
              "versionEndExcluding": "xcp3110",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:fujitsu:m12-2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F3C9C09-7B2B-4DB6-8BE0-35302ED35776",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "416B805F-799A-4466-AC5A-93D083A2ABBD",
              "versionEndExcluding": "xcp3110",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:fujitsu:m12-2s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "95503CE5-1D06-4092-A60D-D310AADCAFB1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim\u0027s ntpd instance."
    },
    {
      "lang": "es",
      "value": "ntpd en ntp versiones anteriores a 4.2.8p14 y versiones 4.3.x versiones anteriores a 4.3.100, permite a atacantes remotos causar una denegaci\u00f3n de servicio (salida del demonio o cambio de hora del sistema) mediante la predicci\u00f3n de las marcas de tiempo de transmisi\u00f3n para su uso en paquetes falsificados. La v\u00edctima debe confiar en fuentes de tiempo IPv4 no autenticadas. Debe haber un atacante fuera de la ruta que pueda consultar el tiempo desde la instancia ntpd de la v\u00edctima"
    }
  ],
  "id": "CVE-2020-13817",
  "lastModified": "2024-11-21T05:01:55.633",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "cve@mitre.org",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.4,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-06-04T13:15:11.053",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00005.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00044.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://support.ntp.org/bin/view/Main/NtpBug3596"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugs.ntp.org/show_bug.cgi?id=3596"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202007-12"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200625-0004/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00005.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00044.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://support.ntp.org/bin/view/Main/NtpBug3596"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugs.ntp.org/show_bug.cgi?id=3596"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202007-12"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200625-0004/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-330"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-04-10 20:29
Modified
2024-11-21 04:20
Severity ?
Summary
libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.
References
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2019-05/msg00048.htmlThird Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2019-05/msg00052.htmlThird Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2019-05/msg00053.htmlThird Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2019-06/msg00025.htmlThird Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2019-08/msg00001.htmlThird Party Advisory
cve@mitre.orghttp://www.openwall.com/lists/oss-security/2019/04/22/1Mailing List, Third Party Advisory
cve@mitre.orghttp://www.openwall.com/lists/oss-security/2019/04/23/5Mailing List, Third Party Advisory
cve@mitre.orghttps://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6Patch, Third Party Advisory
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2019/04/msg00016.htmlMailing List, Third Party Advisory
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36TEYN37XCCKN2XUMRTBBW67BPNMSW4K/
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GCOAX2IHUMKCM3ILHTMGLHCDSBTLP2JU/
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/
cve@mitre.orghttps://security.netapp.com/advisory/ntap-20191017-0001/Third Party Advisory
cve@mitre.orghttps://usn.ubuntu.com/3947-1/Third Party Advisory
cve@mitre.orghttps://usn.ubuntu.com/3947-2/Third Party Advisory
cve@mitre.orghttps://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00048.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00052.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00053.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00025.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00001.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2019/04/22/1Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2019/04/23/5Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2019/04/msg00016.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36TEYN37XCCKN2XUMRTBBW67BPNMSW4K/
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GCOAX2IHUMKCM3ILHTMGLHCDSBTLP2JU/
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20191017-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3947-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3947-2/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.htmlPatch, Third Party Advisory



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:xmlsoft:libxslt:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E054BED-0DA0-4966-8B7F-E7DDFAAF892F",
              "versionEndIncluding": "1.1.33",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
              "matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
              "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:8.0:update_221:*:*:*:*:*:*",
              "matchCriteriaId": "8594A5FB-33D0-422E-8F32-16ECF08DB45A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
              "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_management_plug-ins:-:*:*:*:*:vmware_vcenter:*:*",
              "matchCriteriaId": "280520BC-070C-4423-A633-E6FE45E53D57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0DA944C-4992-424D-BC82-474585DAC5DF",
              "versionEndIncluding": "11.70.2",
              "versionStartIncluding": "11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_unified_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB695329-036B-447D-BEB0-AA4D89D1D99C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services_proxy:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "23F148EC-6D6D-4C4F-B57C-CFBCD3D32B41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A372B177-F740-4655-865C-31777A6E140B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
              "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:-:*:*:*:oracle:*:*",
              "matchCriteriaId": "25BBBC1A-228F-45A6-AE95-DB915EDF84BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded."
    },
    {
      "lang": "es",
      "value": "libxslt hasta la versi\u00f3n 1.1.33 permite omitir los mecanismos de protecci\u00f3n debido a que los callers xsltCheckRead y xsltCheckWrite permiten acceso incluso despu\u00e9s de recibir el c\u00f3digo de error -1. xsltCheckRead puede devolver -1 para una URL creada que no es realmente inv\u00e1lida y que se carga posteriormente."
    }
  ],
  "id": "CVE-2019-11068",
  "lastModified": "2024-11-21T04:20:28.480",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-04-10T20:29:01.147",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00048.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00052.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00053.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00025.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00001.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2019/04/22/1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2019/04/23/5"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00016.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36TEYN37XCCKN2XUMRTBBW67BPNMSW4K/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GCOAX2IHUMKCM3ILHTMGLHCDSBTLP2JU/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20191017-0001/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3947-1/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3947-2/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00048.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00052.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00053.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00025.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2019/04/22/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2019/04/23/5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00016.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36TEYN37XCCKN2XUMRTBBW67BPNMSW4K/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GCOAX2IHUMKCM3ILHTMGLHCDSBTLP2JU/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20191017-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3947-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3947-2/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-03-25 19:15
Modified
2024-11-21 06:37
Summary
A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information.
References
secalert@redhat.comhttps://bugs.chromium.org/p/project-zero/issues/detail?id=2230&can=7&q=modified-after%3Atoday-30&sort=-modified&colspec=ID%20Type%20Status%20Priority%20Milestone%20Owner%20Summary%20Modified%20Cve&cells=tiles&redir=1Exploit, Issue Tracking, Patch, Third Party Advisory
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=2036934Issue Tracking, Patch, Third Party Advisory
secalert@redhat.comhttps://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=35306eb23814Patch, Vendor Advisory
secalert@redhat.comhttps://lore.kernel.org/netdev/20210929225750.2548112-1-eric.dumazet%40gmail.com/T/
secalert@redhat.comhttps://security.netapp.com/advisory/ntap-20221111-0003/Third Party Advisory
secalert@redhat.comhttps://www.oracle.com/security-alerts/cpujul2022.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugs.chromium.org/p/project-zero/issues/detail?id=2230&can=7&q=modified-after%3Atoday-30&sort=-modified&colspec=ID%20Type%20Status%20Priority%20Milestone%20Owner%20Summary%20Modified%20Cve&cells=tiles&redir=1Exploit, Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=2036934Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=35306eb23814Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://lore.kernel.org/netdev/20210929225750.2548112-1-eric.dumazet%40gmail.com/T/
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20221111-0003/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujul2022.htmlPatch, Third Party Advisory



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "037A6DFB-B41D-4CC7-86C1-A201809B79C4",
              "versionEndExcluding": "5.15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:5.15:-:*:*:*:*:*:*",
              "matchCriteriaId": "40D9C0D1-0F32-4A2B-9840-1072F5497540",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:5.15:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "E46C74C6-B76B-4C94-A6A4-FD2FFF62D644",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:5.15:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "60134C3A-06E4-48C1-B04F-2903732A4E56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:5.15:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "0460DA88-8FE1-46A2-9DDA-1F1ABA552E71",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C5DA53D-744B-4087-AEA9-257F18949E4D",
              "versionEndIncluding": "11.70.2",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "95BA156C-C977-4F0C-8DFB-3FAE9CC8C02D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:a700s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDD92BFA-9117-4E6E-A13F-ED064B4B7284",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:a700s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B7DA42F-5D64-4967-A2D4-6210FE507841",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EDB6772-7FDB-45FF-8D72-952902A7EE56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9955F62A-75D3-4347-9AD3-5947FC365838",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A6D77C7-A2F4-4700-AB5A-3EC853496ECA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information."
    },
    {
      "lang": "es",
      "value": "Se ha encontrado un fallo de lectura de uso de memoria previamente liberada en la funci\u00f3n sock_getsockopt() en el archivo net/core/sock.c debido a la carrera de SO_PEERCRED y SO_PEERGROUPS con listen() (y connect()) en el kernel de Linux. En este fallo, un atacante con privilegios de usuario puede bloquear el sistema o filtrar informaci\u00f3n interna del kernel"
    }
  ],
  "id": "CVE-2021-4203",
  "lastModified": "2024-11-21T06:37:08.430",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.9,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-03-25T19:15:09.833",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=2230\u0026can=7\u0026q=modified-after%3Atoday-30\u0026sort=-modified\u0026colspec=ID%20Type%20Status%20Priority%20Milestone%20Owner%20Summary%20Modified%20Cve\u0026cells=tiles\u0026redir=1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2036934"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=35306eb23814"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lore.kernel.org/netdev/20210929225750.2548112-1-eric.dumazet%40gmail.com/T/"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20221111-0003/"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=2230\u0026can=7\u0026q=modified-after%3Atoday-30\u0026sort=-modified\u0026colspec=ID%20Type%20Status%20Priority%20Milestone%20Owner%20Summary%20Modified%20Cve\u0026cells=tiles\u0026redir=1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2036934"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=35306eb23814"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lore.kernel.org/netdev/20210929225750.2548112-1-eric.dumazet%40gmail.com/T/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20221111-0003/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-362"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-362"
        },
        {
          "lang": "en",
          "value": "CWE-416"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-10-19 17:29
Modified
2024-11-21 03:05
Summary
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Javadoc). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).
References
secalert_us@oracle.comhttp://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlPatch, Vendor Advisory
secalert_us@oracle.comhttp://www.securityfocus.com/bid/101338Broken Link
secalert_us@oracle.comhttp://www.securitytracker.com/id/1039596Broken Link
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:2999Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3046Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3047Third Party Advisory
secalert_us@oracle.comhttps://security.gentoo.org/glsa/201710-31Third Party Advisory
secalert_us@oracle.comhttps://security.netapp.com/advisory/ntap-20171019-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/101338Broken Link
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1039596Broken Link
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2999Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3046Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3047Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201710-31Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20171019-0001/Third Party Advisory



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update161:*:*:*:*:*:*",
              "matchCriteriaId": "7037AEF9-403D-43EC-ABBB-B46619241586",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update151:*:*:*:*:*:*",
              "matchCriteriaId": "B781F1F7-DE18-41F7-83C1-8690B0884DDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update144:*:*:*:*:*:*",
              "matchCriteriaId": "6D36F2A6-1329-4D74-BADC-C22D46CF7CFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "270968EC-7662-41E1-BA9B-D259BEC53A1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update161:*:*:*:*:*:*",
              "matchCriteriaId": "D53D6C3C-C8F3-4FF4-AE9C-1BFF14E74EDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update151:*:*:*:*:*:*",
              "matchCriteriaId": "71219100-B476-4062-A40A-13F1B8C7DAED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update144:*:*:*:*:*:*",
              "matchCriteriaId": "FCC055BA-0D21-4D2B-AC9B-B81B8468860C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "66910F84-DDFD-4BA8-BE7F-44EB5E3F9C3D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62",
              "versionStartIncluding": "7.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB",
              "versionStartIncluding": "9.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_management_plug-ins:-:*:*:*:*:vmware_vcenter:*:*",
              "matchCriteriaId": "280520BC-070C-4423-A633-E6FE45E53D57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "73F81EC3-4AB0-4CD7-B845-267C5974DE98",
              "versionEndIncluding": "11.70.1",
              "versionStartIncluding": "11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
              "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "698C6261-679D-45C1-A396-57AC96AD64D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BD81527-A341-42C3-9AB9-880D3DB04B08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*",
              "matchCriteriaId": "E32A4C2E-3DA6-4BE5-9D95-9F800B01ED9A",
              "versionEndIncluding": "7.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "1A79A7B7-2CE9-4F5E-B76D-01A882C66226",
              "versionEndIncluding": "7.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*",
              "matchCriteriaId": "3FA5E22C-489B-4C5F-A5F3-C03F45CA8811",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*",
              "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
              "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "6BF60DAD-DAA2-4543-B82E-8E17F7B1DA06",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "1E35D95E-CCBF-4335-A4DB-02218BA172DE",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "13270F58-E106-48CE-9933-E68AABBBFC21",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "923F6B82-6A8B-4994-89F6-C430775D5234",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "B7B42CB6-3C14-4183-AFA8-C3682F8B54AB",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "2AA40F7F-504D-47A9-9778-EC4CE46EB8BF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Javadoc). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en el componente Java SE de Oracle Java SE (subcomponente: Javadoc). Las versiones compatibles que se han visto afectadas son Java SE: 6u161, 7u151, 8u144 y 9. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante sin autenticar que tenga acceso a red por HTTP comprometa la seguridad de Java SE. Para que los ataques tengan \u00e9xito, se necesita la participaci\u00f3n de otra persona diferente del atacante y, aunque la vulnerabilidad est\u00e1 presente en Java SE, los ataques podr\u00edan afectar seriamente a productos adicionales. Los ataques exitosos a esta vulnerabilidad pueden resultar en el acceso no autorizado de actualizaci\u00f3n, inserci\u00f3n o supresi\u00f3n de algunos de los datos accesibles de Java SE, as\u00ed como el acceso de lectura sin autorizaci\u00f3n a un subconjunto de datos accesibles de Java SE. Nota: Esta vulnerabilidad se aplica a implementaciones Java, normalmente en clientes que ejecutan aplicaciones Java Web Start en sandbox o applets Java en sandbox que cargan y ejecutan c\u00f3digo que no es de confianza (por ejemplo, c\u00f3digo proveniente de internet) y que conf\u00edan en la sandbox de aislado Java para protegerse. Esta vulnerabilidad no se aplica a implementaciones Java, normalmente en servidores, que solo cargan y ejecutan c\u00f3digo de confianza (por ejemplo, c\u00f3digo instalado por un administrador). CVSS 3.0 Base Score 6.1 (impactos en la confidencialidad e integridad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
    }
  ],
  "id": "CVE-2017-10293",
  "lastModified": "2024-11-21T03:05:50.797",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-10-19T17:29:02.343",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/bid/101338"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securitytracker.com/id/1039596"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2999"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3046"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3047"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201710-31"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20171019-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/bid/101338"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securitytracker.com/id/1039596"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2999"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3046"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3047"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201710-31"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20171019-0001/"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-02-27 23:29
Modified
2024-11-21 04:36
Summary
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).
References
openssl-security@openssl.orghttp://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.htmlMailing List, Third Party Advisory
openssl-security@openssl.orghttp://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.htmlMailing List, Third Party Advisory
openssl-security@openssl.orghttp://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.htmlMailing List, Third Party Advisory
openssl-security@openssl.orghttp://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.htmlMailing List, Third Party Advisory
openssl-security@openssl.orghttp://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.htmlMailing List, Third Party Advisory
openssl-security@openssl.orghttp://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.htmlMailing List, Third Party Advisory
openssl-security@openssl.orghttp://www.securityfocus.com/bid/107174Third Party Advisory, VDB Entry
openssl-security@openssl.orghttps://access.redhat.com/errata/RHSA-2019:2304Third Party Advisory
openssl-security@openssl.orghttps://access.redhat.com/errata/RHSA-2019:2437Third Party Advisory
openssl-security@openssl.orghttps://access.redhat.com/errata/RHSA-2019:2439Third Party Advisory
openssl-security@openssl.orghttps://access.redhat.com/errata/RHSA-2019:2471Third Party Advisory
openssl-security@openssl.orghttps://access.redhat.com/errata/RHSA-2019:3929Third Party Advisory
openssl-security@openssl.orghttps://access.redhat.com/errata/RHSA-2019:3931Third Party Advisory
openssl-security@openssl.orghttps://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e
openssl-security@openssl.orghttps://kc.mcafee.com/corporate/index?page=content&id=SB10282Third Party Advisory
openssl-security@openssl.orghttps://lists.debian.org/debian-lts-announce/2019/03/msg00003.htmlMailing List, Third Party Advisory
openssl-security@openssl.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/
openssl-security@openssl.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/
openssl-security@openssl.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/
openssl-security@openssl.orghttps://security.gentoo.org/glsa/201903-10Third Party Advisory
openssl-security@openssl.orghttps://security.netapp.com/advisory/ntap-20190301-0001/Patch, Third Party Advisory
openssl-security@openssl.orghttps://security.netapp.com/advisory/ntap-20190301-0002/Broken Link, Third Party Advisory
openssl-security@openssl.orghttps://security.netapp.com/advisory/ntap-20190423-0002/Third Party Advisory
openssl-security@openssl.orghttps://support.f5.com/csp/article/K18549143Third Party Advisory
openssl-security@openssl.orghttps://support.f5.com/csp/article/K18549143?utm_source=f5support&amp%3Butm_medium=RSS
openssl-security@openssl.orghttps://usn.ubuntu.com/3899-1/Third Party Advisory
openssl-security@openssl.orghttps://usn.ubuntu.com/4376-2/Broken Link
openssl-security@openssl.orghttps://www.debian.org/security/2019/dsa-4400Third Party Advisory
openssl-security@openssl.orghttps://www.openssl.org/news/secadv/20190226.txtVendor Advisory
openssl-security@openssl.orghttps://www.oracle.com/security-alerts/cpujan2020.htmlThird Party Advisory
openssl-security@openssl.orghttps://www.oracle.com/security-alerts/cpujan2021.htmlThird Party Advisory
openssl-security@openssl.orghttps://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlPatch, Third Party Advisory
openssl-security@openssl.orghttps://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlPatch, Third Party Advisory
openssl-security@openssl.orghttps://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.htmlPatch, Third Party Advisory
openssl-security@openssl.orghttps://www.tenable.com/security/tns-2019-02Patch, Third Party Advisory
openssl-security@openssl.orghttps://www.tenable.com/security/tns-2019-03Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/107174Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2019:2304Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2019:2437Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2019:2439Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2019:2471Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2019:3929Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2019:3931Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e
af854a3a-2127-422b-91ae-364da2661108https://kc.mcafee.com/corporate/index?page=content&id=SB10282Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2019/03/msg00003.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201903-10Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20190301-0001/Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20190301-0002/Broken Link, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20190423-0002/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.f5.com/csp/article/K18549143Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.f5.com/csp/article/K18549143?utm_source=f5support&amp%3Butm_medium=RSS
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3899-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/4376-2/Broken Link
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2019/dsa-4400Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.openssl.org/news/secadv/20190226.txtVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2020.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2021.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.tenable.com/security/tns-2019-02Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.tenable.com/security/tns-2019-03Third Party Advisory
Impacted products
Vendor Product Version
openssl openssl *
canonical ubuntu_linux 16.04
canonical ubuntu_linux 18.04
canonical ubuntu_linux 18.10
debian debian_linux 8.0
debian debian_linux 9.0
netapp active_iq_unified_manager *
netapp active_iq_unified_manager *
netapp active_iq_unified_manager -
netapp altavault -
netapp cloud_backup -
netapp clustered_data_ontap_antivirus_connector -
netapp element_software -
netapp hci_management_node -
netapp hyper_converged_infrastructure -
netapp oncommand_insight -
netapp oncommand_unified_manager -
netapp oncommand_unified_manager -
netapp oncommand_unified_manager_core_package -
netapp oncommand_workflow_automation -
netapp ontap_select_deploy -
netapp ontap_select_deploy_administration_utility -
netapp santricity_smi-s_provider -
netapp service_processor -
netapp smi-s_provider -
netapp snapcenter -
netapp snapdrive -
netapp snapdrive -
netapp snapprotect -
netapp solidfire -
netapp steelstore_cloud_integrated_storage -
netapp storage_automation_store -
netapp storagegrid *
netapp storagegrid -
netapp hci_compute_node -
f5 big-ip_access_policy_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_analytics *
f5 big-ip_analytics *
f5 big-ip_analytics *
f5 big-ip_analytics *
f5 big-ip_application_acceleration_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_application_security_manager *
f5 big-ip_application_security_manager *
f5 big-ip_application_security_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_domain_name_system *
f5 big-ip_domain_name_system *
f5 big-ip_domain_name_system *
f5 big-ip_edge_gateway *
f5 big-ip_edge_gateway *
f5 big-ip_edge_gateway *
f5 big-ip_edge_gateway *
f5 big-ip_fraud_protection_service *
f5 big-ip_fraud_protection_service *
f5 big-ip_fraud_protection_service *
f5 big-ip_fraud_protection_service *
f5 big-ip_global_traffic_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_link_controller *
f5 big-ip_link_controller *
f5 big-ip_link_controller *
f5 big-ip_link_controller *
f5 big-ip_local_traffic_manager *
f5 big-ip_local_traffic_manager *
f5 big-ip_local_traffic_manager *
f5 big-ip_local_traffic_manager *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_webaccelerator *
f5 big-ip_webaccelerator *
f5 big-ip_webaccelerator *
f5 big-ip_webaccelerator *
f5 big-iq_centralized_management *
f5 big-iq_centralized_management *
f5 traffix_signaling_delivery_controller *
f5 traffix_signaling_delivery_controller 4.4.0
tenable nessus *
opensuse leap 15.0
opensuse leap 15.1
opensuse leap 42.3
netapp cn1610_firmware -
netapp cn1610 -
netapp a320_firmware -
netapp a320 -
netapp c190_firmware -
netapp c190 -
netapp a220_firmware -
netapp a220 -
netapp fas2720_firmware -
netapp fas2720 -
netapp fas2750_firmware -
netapp fas2750 -
netapp a800_firmware -
netapp a800 -
fedoraproject fedora 29
fedoraproject fedora 30
fedoraproject fedora 31
mcafee agent *
mcafee data_exchange_layer *
mcafee threat_intelligence_exchange_server *
mcafee web_gateway *
redhat jboss_enterprise_web_server 5.0.0
redhat enterprise_linux 6.0
redhat enterprise_linux 7.0
redhat enterprise_linux 8.0
redhat virtualization 4.0
redhat virtualization_host 4.0
redhat enterprise_linux 7.0
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_workstation 7.0
oracle api_gateway 11.1.2.4.0
oracle business_intelligence 11.1.1.9.0
oracle business_intelligence 12.2.1.3.0
oracle business_intelligence 12.2.1.4.0
oracle communications_diameter_signaling_router 8.0.0
oracle communications_diameter_signaling_router 8.1
oracle communications_diameter_signaling_router 8.2
oracle communications_diameter_signaling_router 8.3
oracle communications_diameter_signaling_router 8.4
oracle communications_performance_intelligence_center 10.4.0.2
oracle communications_session_border_controller 7.4
oracle communications_session_border_controller 8.0.0
oracle communications_session_border_controller 8.1.0
oracle communications_session_border_controller 8.2
oracle communications_session_border_controller 8.3
oracle communications_session_router 7.4
oracle communications_session_router 8.0
oracle communications_session_router 8.1
oracle communications_session_router 8.2
oracle communications_session_router 8.3
oracle communications_unified_session_manager 7.3.5
oracle communications_unified_session_manager 8.2.5
oracle endeca_server 7.7.0
oracle enterprise_manager_base_platform 12.1.0.5.0
oracle enterprise_manager_base_platform 13.2.0.0.0
oracle enterprise_manager_base_platform 13.3.0.0.0
oracle enterprise_manager_ops_center 12.3.3
oracle enterprise_manager_ops_center 12.4.0
oracle jd_edwards_enterpriseone_tools 9.2
oracle jd_edwards_world_security a9.3
oracle jd_edwards_world_security a9.3.1
oracle jd_edwards_world_security a9.4
oracle mysql *
oracle mysql *
oracle mysql *
oracle mysql_enterprise_monitor *
oracle mysql_enterprise_monitor *
oracle mysql_workbench *
oracle peoplesoft_enterprise_peopletools 8.55
oracle peoplesoft_enterprise_peopletools 8.56
oracle peoplesoft_enterprise_peopletools 8.57
oracle secure_global_desktop 5.4
oracle services_tools_bundle 19.2
paloaltonetworks pan-os *
paloaltonetworks pan-os *
paloaltonetworks pan-os *
paloaltonetworks pan-os *
nodejs node.js *
nodejs node.js *
nodejs node.js *
nodejs node.js *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FB0EC34-4625-4B2A-8AB9-0764D9D9E6BC",
              "versionEndExcluding": "1.0.2r",
              "versionStartIncluding": "1.0.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62",
              "versionStartIncluding": "7.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB",
              "versionStartIncluding": "9.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
              "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:altavault:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E878102-1EA0-4D83-9F36-955DCF902211",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "62347994-1353-497C-9C4A-D5D8D95F67E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:hyper_converged_infrastructure:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "893C0367-DD1A-4754-B9E0-4944344108EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C18CA4B5-28FD-4199-B1F0-B1E59E920370",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:vsphere:*:*",
              "matchCriteriaId": "EB2FB857-5F1F-46E5-A90C-AFB990BF1660",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager_core_package:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A4D418D-B526-46B9-B439-E1963BF88C0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:ontap_select_deploy:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E968916-8CE0-4165-851F-14E37ECEA948",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7CF3019-975D-40BB-A8A4-894E62BD3797",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_smi-s_provider:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "361B791A-D336-4431-8F68-8135BEFFAEA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:service_processor:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "146A767F-DC04-454B-9913-17D3A2B5AAA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:smi-s_provider:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BB0FDCF-3750-44C6-AC5C-0CC2AAD14093",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:unix:*:*",
              "matchCriteriaId": "61D7EF01-F618-497F-9375-8003CEA3D380",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:windows:*:*",
              "matchCriteriaId": "BEDE62C6-D571-4AF8-B85E-CBBCE4AF98B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapprotect:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F74F467A-0C81-40D9-BA06-40FB8EF02C04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B7A6697-98CC-4E36-93DB-B7160F8399F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storagegrid:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D239B58A-9386-443D-B579-B56AE2A500BC",
              "versionEndIncluding": "9.0.4",
              "versionStartIncluding": "9.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8ADFF451-740F-4DBA-BD23-3881945D3E40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C3B5688-0235-4D4F-A26C-440FF24A1B43",
              "versionEndIncluding": "12.1.5",
              "versionStartIncluding": "12.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "706316DC-8C24-4D9E-B7B4-F62CB52106B8",
              "versionEndIncluding": "13.1.3",
              "versionStartIncluding": "13.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCBAF5C1-3761-47BB-AD8E-A55A64D33AF3",
              "versionEndIncluding": "14.1.2",
              "versionStartIncluding": "14.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFBB9E7C-08D1-4B30-AD3B-CADBF30D756B",
              "versionEndIncluding": "15.1.0",
              "versionStartIncluding": "15.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "151ED6D1-AA85-4213-8F3A-8167CBEC4721",
              "versionEndIncluding": "12.1.5",
              "versionStartIncluding": "12.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFA83D61-1A50-47F5-B9BE-15D672A6DDAD",
              "versionEndIncluding": "13.1.3",
              "versionStartIncluding": "13.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "925049D0-082E-4CED-9996-A55620A220CF",
              "versionEndIncluding": "14.1.2",
              "versionStartIncluding": "14.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "830028B5-9BAF-439C-8166-1053C0CB9836",
              "versionEndIncluding": "15.1.0",
              "versionStartIncluding": "15.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D5AA99B-08E7-4959-A3B4-41AA527B4B22",
              "versionEndIncluding": "12.1.5",
              "versionStartIncluding": "12.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "22C64069-68D1-445F-B20D-FD1FF8DB0F71",
              "versionEndIncluding": "13.1.3",
              "versionStartIncluding": "13.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D87C038-B96D-4EA8-AB03-0401B2C9BB24",
              "versionEndIncluding": "14.1.2",
              "versionStartIncluding": "14.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "01BC2A57-030F-4A13-B584-BE2627EA3FE7",
              "versionEndIncluding": "15.1.0",
              "versionStartIncluding": "15.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DC86A5F-C793-4848-901F-04BFB57A07F6",
              "versionEndIncluding": "12.1.5",
              "versionStartIncluding": "12.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9CE03A8F-DAE1-4923-9741-DC89FA8A6FD8",
              "versionEndIncluding": "13.1.3",
              "versionStartIncluding": "13.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "037C035C-9CFC-4224-8264-6132252D11FD",
              "versionEndIncluding": "14.1.2",
              "versionStartIncluding": "14.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD91F1A1-67F5-4547-848B-21664A9CC685",
              "versionEndIncluding": "15.1.0",
              "versionStartIncluding": "15.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E5552A3-91CD-4B97-AD33-4F1FB4C8827A",
              "versionEndIncluding": "12.1.5",
              "versionStartIncluding": "12.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7E616EB-F2F9-43BF-A23D-8FD0650DA85B",
              "versionEndIncluding": "13.1.3",
              "versionStartIncluding": "13.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE66A673-75EF-4AB3-AD4D-A1E70C7EFB08",
              "versionEndIncluding": "14.1.2",
              "versionStartIncluding": "14.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "10367A28-787A-4FAB-80AD-ADD67A751732",
              "versionEndIncluding": "15.1.0",
              "versionStartIncluding": "15.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "55C2EC23-E78F-4447-BACF-21FC36ABF155",
              "versionEndIncluding": "12.1.5",
              "versionStartIncluding": "12.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "180D2770-61F3-4CFB-B5FA-1CF1796D4B3E",
              "versionEndIncluding": "13.1.3",
              "versionStartIncluding": "13.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "46712630-407A-4E61-B62F-3AB156353A1D",
              "versionEndIncluding": "14.1.2",
              "versionStartIncluding": "14.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "21E18EA5-2210-41B1-87B0-55AB16514FE2",
              "versionEndIncluding": "15.1.0",
              "versionStartIncluding": "15.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFFCCCFF-8B66-4C8B-A99A-32964855EF98",
              "versionEndIncluding": "12.1.5",
              "versionStartIncluding": "12.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D0BD10F-735D-4442-828B-0B90207ABEAD",
              "versionEndIncluding": "13.1.3",
              "versionStartIncluding": "13.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "448BB033-AE0F-46A0-8E98-3A6AE36EADAE",
              "versionEndIncluding": "14.1.2",
              "versionStartIncluding": "14.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC06609D-C362-4214-8487-2278161B5EAD",
              "versionEndIncluding": "15.1.0",
              "versionStartIncluding": "15.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "945A19E8-51EB-42FE-9BF1-12DAC78B5286",
              "versionEndIncluding": "12.1.5",
              "versionStartIncluding": "12.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2008DD47-CC1D-430F-8478-E90617F5F998",
              "versionEndIncluding": "13.1.3",
              "versionStartIncluding": "13.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC39F6EE-478A-4638-B97D-3C25FD318F3D",
              "versionEndIncluding": "14.1.2",
              "versionStartIncluding": "14.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "317C50A2-FE92-4C78-A94A-062274E6A6A8",
              "versionEndIncluding": "15.1.0",
              "versionStartIncluding": "15.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB5007D0-BBDB-4D74-9C88-98FBA74757D1",
              "versionEndIncluding": "12.1.5",
              "versionStartIncluding": "12.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "389B6330-3041-4892-97D5-B5A6D9CE1487",
              "versionEndIncluding": "13.1.3",
              "versionStartIncluding": "13.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C556587-6963-49CF-8A2B-00431B386D78",
              "versionEndIncluding": "14.1.2",
              "versionStartIncluding": "14.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D748001D-340C-45C4-A2D0-0575538C5CEC",
              "versionEndIncluding": "15.1.0",
              "versionStartIncluding": "15.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7725810-66D2-4460-A174-9F3BFAD966F2",
              "versionEndIncluding": "12.1.5",
              "versionStartIncluding": "12.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7854954-A9A4-487B-B6C7-8DC1F83F4BD7",
              "versionEndIncluding": "13.1.3",
              "versionStartIncluding": "13.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "572B1078-60C4-4A71-A0F4-2E2F4FBC4102",
              "versionEndIncluding": "14.1.2",
              "versionStartIncluding": "14.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0371EB7C-3D41-4B8C-8FA9-DC6F42442448",
              "versionEndIncluding": "15.1.0",
              "versionStartIncluding": "15.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFD760FE-4347-4D36-B5C6-4009398060F2",
              "versionEndIncluding": "12.1.5",
              "versionStartIncluding": "12.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB7588DA-75D3-4374-8871-D92E95509C91",
              "versionEndIncluding": "13.1.3",
              "versionStartIncluding": "13.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C95403E8-A078-47E8-9B2F-F572D24C79EF",
              "versionEndIncluding": "14.1.2",
              "versionStartIncluding": "14.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C1BC0A8-5868-4FCA-80A5-661C3870EB7D",
              "versionEndIncluding": "15.1.0",
              "versionStartIncluding": "15.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "65B76F53-7D8B-477E-8B6E-91AC0A9009FF",
              "versionEndIncluding": "12.1.5",
              "versionStartIncluding": "12.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E824BD72-428F-4A8D-ABE6-2A45EB9A4E3A",
              "versionEndIncluding": "13.1.3",
              "versionStartIncluding": "13.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "57A92EE2-FFC9-45C9-9454-7DFAB1F7EE11",
              "versionEndIncluding": "14.1.2",
              "versionStartIncluding": "14.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0585424E-3F74-400E-8199-ED964317F89F",
              "versionEndIncluding": "15.1.0",
              "versionStartIncluding": "15.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "69338CB1-B6E2-44E7-BEC1-6B9EAD560C8B",
              "versionEndIncluding": "12.1.5",
              "versionStartIncluding": "12.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A6CF6F4-D68A-45C3-A36E-A8B3AF61367F",
              "versionEndIncluding": "13.1.3",
              "versionStartIncluding": "13.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2ADF37B-FCEB-4735-82D9-4241E3A4DE64",
              "versionEndIncluding": "14.1.2",
              "versionStartIncluding": "14.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7722F39-9B7E-4267-B757-B9570B039323",
              "versionEndIncluding": "15.1.0",
              "versionStartIncluding": "15.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F37D18F2-8C6A-4557-85DC-2A751595423C",
              "versionEndIncluding": "6.1.0",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C88B0206-093A-4A18-8322-A1CD1D4ACF2A",
              "versionEndIncluding": "7.1.0",
              "versionStartIncluding": "7.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:traffix_signaling_delivery_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E52F91D-3F39-4D89-8069-EC422FB1F700",
              "versionEndIncluding": "5.1.0",
              "versionStartIncluding": "5.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:traffix_signaling_delivery_controller:4.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D71A781-FBD8-4084-8D9C-00D7B6ECB9A1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "427DA624-2397-4A61-A2ED-23F5C22C174E",
              "versionEndIncluding": "8.2.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:cn1610_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB30733E-68FC-49C4-86C0-7FEE75C366BF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:cn1610:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6361DAC6-600F-4B15-8797-D67F298F46FB",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:a320_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6ADE5E80-06D3-4A1B-A655-FBB6CCA03939",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:a320:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8FD5E05-3C58-465F-9D4F-ECC2CD78DCFF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:c190_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "75A43965-CB2E-4C28-AFC3-1ADE7A6B845C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:c190:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D421A96-E6E9-4B27-ADE0-D8E87A82EEDE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:a220_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F2D2745-242C-4603-899E-70C9025BDDD2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:a220:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFB4541D-5EF7-4266-BFF3-2DDEC95E8012",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:fas2720_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7FD1DA9-7980-4643-B378-7095892DA176",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:fas2720:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "347E9E3E-941C-4109-B59F-B9BB05486B34",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:fas2750_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD661062-0D5B-4671-9D92-FEF8D7395C1E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:fas2750:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8155BF5F-DD1B-4AB4-81F8-9BCE6A8821AE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:a800_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B36CECA5-4545-49C2-92EB-B739407B207F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:a800:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8E7549A-DE35-4274-B3F6-22D51C7A6613",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
              "matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
              "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
              "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mcafee:agent:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBD9362E-F36F-4820-A29E-5BDDF6AC3ACE",
              "versionEndIncluding": "5.6.4",
              "versionStartIncluding": "5.6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:data_exchange_layer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "02630E85-191E-4C58-B81B-4DAF93A26856",
              "versionEndExcluding": "6.0.0",
              "versionStartIncluding": "4.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:threat_intelligence_exchange_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "65D5476E-FBF9-474B-87E1-B6459E52736C",
              "versionEndExcluding": "3.0.0",
              "versionStartIncluding": "2.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DDD5E877-978C-4A16-B6C5-41A30D020B54",
              "versionEndExcluding": "9.0.0",
              "versionStartIncluding": "7.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:jboss_enterprise_web_server:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0F04157-FB34-4F22-B328-6BE1F2373DEE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BBD7A51-0590-4DDF-8249-5AFA8D645CB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB28F9AF-3D06-4532-B397-96D7E4792503",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5553591-073B-45E3-999F-21B8BA2EEE22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:business_intelligence:11.1.1.9.0:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "523CD57C-43D4-4C79-BA00-A9A65C6588E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "77C3DD16-1D81-40E1-B312-50FBD275507C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "81DAC8C0-D342-44B5-9432-6B88D389584F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9317C01-22AA-452B-BBBF-5FAFFFB8BEA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4534CF9-D9FD-4936-9D8C-077387028A05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D60384BD-284C-4A68-9EEF-0FAFDF0C21F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDA8DD5B-8A34-4CB3-B0FB-F82C73B25007",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6E5E8B0-EDE5-4FE4-880C-766FAE1EA42C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_performance_intelligence_center:10.4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8EDA23C-7F75-4712-AF3F-B0E3597810B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_border_controller:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D139E52-0528-4D05-8502-1AB9AB10CA9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_border_controller:8.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F59AE20-7B9D-47A5-9E0D-A73F4A0E7D34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_border_controller:8.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D4AF039-F3B6-45EB-A87E-8BCCF822AE23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_border_controller:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B9F6415-2950-49FE-9CAF-8BCA4DB6DF4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_border_controller:8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C05190B9-237F-4E2E-91EA-DB1B738864AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_router:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5D0F0C0-75EB-4685-A4CD-E58D1F2C6FDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_router:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B59717B5-34D5-4C83-904A-884ED30DFC19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_router:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "19BA6F25-B88A-42A1-A9E3-2DCF4E8F51A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_router:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E28B437-64A8-456C-98A1-4ADF5B6A2F60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_router:8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D705705-0D0D-468B-A140-C9A1B7A6CE6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_unified_session_manager:7.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "07BB35D4-9CCD-43D3-B482-E0BEB3BF2351",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_unified_session_manager:8.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB468FEE-A0F4-49A0-BBEE-10D0733C87D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:endeca_server:7.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB290045-2140-47EE-9BB4-35BAE8F1599C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "98F3E643-4B65-4668-BB11-C61ED54D5A53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "459B4A5F-A6BD-4A1C-B6B7-C979F005EB70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDCE0E90-495E-4437-8529-3C36441FB69D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB654DFA-FEF9-4D00-ADB0-F3F2B6ACF13E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "37209C6F-EF99-4D21-9608-B3A06D283D24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "41684398-18A4-4DC6-B8A2-3EBAA0CBF9A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jd_edwards_world_security:a9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "83800E2F-804C-485D-A8FA-F4B32CDB4548",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jd_edwards_world_security:a9.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "60BEB1C6-C279-4BB0-972C-BE28A6605C09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B1CAD50-749F-4ADB-A046-BF3585677A58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C637AC8A-F5F7-447E-A7F6-D6BA7AB45DF9",
              "versionEndIncluding": "5.6.43",
              "versionStartIncluding": "5.6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA988288-7D0C-4ADE-BE61-484D2D555A8A",
              "versionEndIncluding": "5.7.25",
              "versionStartIncluding": "5.7.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E106D13-CBF8-4A2C-8E89-A66C6EF5D408",
              "versionEndIncluding": "8.0.15",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFBC7A65-3C0B-4B17-B087-250E69EE5B12",
              "versionEndIncluding": "4.0.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A443D73A-63BE-4D1F-B605-0F7D20915518",
              "versionEndIncluding": "8.0.14",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "71CD99E7-3FE7-42E2-B480-7AA0E543340E",
              "versionEndIncluding": "8.0.16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*",
              "matchCriteriaId": "45CB30A1-B2C9-4BF5-B510-1F2F18B60C64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0A735B4-4F3C-416B-8C08-9CB21BAD2889",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E1E416B-920B-49A0-9523-382898C2979D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:secure_global_desktop:5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5265C91-FF5C-4451-A7C2-D388A65ACFA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:services_tools_bundle:19.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "62DAD71E-A6D5-4CA9-A016-100F2D5114A6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F457852F-D998-4BCF-99FE-09C6DFC8851A",
              "versionEndExcluding": "7.1.15",
              "versionStartIncluding": "7.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACA311D7-0ADC-497A-8A47-5AB864F201DE",
              "versionEndExcluding": "8.0.20",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F57DBD8-DCA7-43FB-AC9E-6BDBB3EBE500",
              "versionEndExcluding": "8.1.8",
              "versionStartIncluding": "8.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD1987BB-8F42-48F0-8FE2-70ABD689F434",
              "versionEndExcluding": "9.0.2",
              "versionStartIncluding": "9.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
              "matchCriteriaId": "D107EC29-67E7-40C3-8E5A-324C9105C5E4",
              "versionEndIncluding": "6.8.1",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
              "matchCriteriaId": "FD2FB20C-EC88-4CD3-BC6E-1E65FAFADC36",
              "versionEndExcluding": "6.17.0",
              "versionStartIncluding": "6.9.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
              "matchCriteriaId": "74FB695D-2C76-47AB-988E-5629D2E695E5",
              "versionEndIncluding": "8.8.1",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
              "matchCriteriaId": "A94F4836-1873-43F4-916E-9D9B302A053A",
              "versionEndExcluding": "8.15.1",
              "versionStartIncluding": "8.9.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q)."
    },
    {
      "lang": "es",
      "value": "Si una aplicaci\u00f3n encuentra un error de protocolo \"fatal\" y llama a SSL_shutdown() dos veces (una vez para enviar un close_notify y otra vez para recibir uno de \u00e9stos), posteriormente OpenSLL puede responder de manera diferente a la aplicaci\u00f3n llamante si un registro de 0 byte se recibe con un relleno inv\u00e1lido, comparado con si un registro de 0 bytes se recibe con un MAC inv\u00e1lido."
    }
  ],
  "id": "CVE-2019-1559",
  "lastModified": "2024-11-21T04:36:48.960",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-02-27T23:29:00.277",
  "references": [
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/107174"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:2304"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:2437"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:2439"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:2471"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:3929"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:3931"
    },
    {
      "source": "openssl-security@openssl.org",
      "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10282"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html"
    },
    {
      "source": "openssl-security@openssl.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/"
    },
    {
      "source": "openssl-security@openssl.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/"
    },
    {
      "source": "openssl-security@openssl.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201903-10"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20190301-0001/"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20190301-0002/"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20190423-0002/"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.f5.com/csp/article/K18549143"
    },
    {
      "source": "openssl-security@openssl.org",
      "url": "https://support.f5.com/csp/article/K18549143?utm_source=f5support\u0026amp%3Butm_medium=RSS"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3899-1/"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Broken Link"
      ],
      "url": "https://usn.ubuntu.com/4376-2/"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2019/dsa-4400"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.openssl.org/news/secadv/20190226.txt"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.tenable.com/security/tns-2019-02"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.tenable.com/security/tns-2019-03"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/107174"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:2304"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:2437"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:2439"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:2471"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:3929"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:3931"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10282"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201903-10"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20190301-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20190301-0002/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20190423-0002/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.f5.com/csp/article/K18549143"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://support.f5.com/csp/article/K18549143?utm_source=f5support\u0026amp%3Butm_medium=RSS"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3899-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "https://usn.ubuntu.com/4376-2/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2019/dsa-4400"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.openssl.org/news/secadv/20190226.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.tenable.com/security/tns-2019-02"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.tenable.com/security/tns-2019-03"
    }
  ],
  "sourceIdentifier": "openssl-security@openssl.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-203"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-08-08 15:29
Modified
2024-11-21 03:05
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
secalert_us@oracle.comhttp://www.debian.org/security/2017/dsa-3919Third Party Advisory
secalert_us@oracle.comhttp://www.debian.org/security/2017/dsa-3954Third Party Advisory
secalert_us@oracle.comhttp://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlPatch, Vendor Advisory
secalert_us@oracle.comhttp://www.securityfocus.com/bid/99842Third Party Advisory, VDB Entry
secalert_us@oracle.comhttp://www.securitytracker.com/id/1038931Third Party Advisory, VDB Entry
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:1789Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:1790Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:1791Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:1792Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:2424Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:2469Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:2481Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:2530Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3453Third Party Advisory
secalert_us@oracle.comhttps://cert.vde.com/en-us/advisories/vde-2017-002Third Party Advisory
secalert_us@oracle.comhttps://security.gentoo.org/glsa/201709-22Third Party Advisory
secalert_us@oracle.comhttps://security.netapp.com/advisory/ntap-20170720-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2017/dsa-3919Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2017/dsa-3954Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/99842Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1038931Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1789Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1790Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1791Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1792Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2424Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2469Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2481Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2530Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3453Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://cert.vde.com/en-us/advisories/vde-2017-002Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201709-22Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20170720-0001/Third Party Advisory
Impacted products
Vendor Product Version
oracle jdk 1.6.0
oracle jdk 1.7.0
oracle jdk 1.8.0
oracle jre 1.6.0
oracle jre 1.7.0
oracle jre 1.8.0
oracle jrockit r28.3.14
debian debian_linux 9.0
debian debian_linux 10.0
redhat satellite 5.8
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_eus 7.3
redhat enterprise_linux_eus 7.4
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_aus 7.3
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_server_tus 7.3
redhat enterprise_linux_server_tus 7.4
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_workstation 7.0
netapp active_iq_unified_manager *
netapp active_iq_unified_manager *
netapp cloud_backup -
netapp e-series_santricity_os_controller *
netapp e-series_santricity_storage_manager -
netapp element_software -
netapp oncommand_balance -
netapp oncommand_insight -
netapp oncommand_performance_manager -
netapp oncommand_shift -
netapp oncommand_unified_manager *
netapp oncommand_unified_manager *
netapp oncommand_unified_manager -
netapp plug-in_for_symantec_netbackup -
netapp snapmanager -
netapp snapmanager -
netapp steelstore_cloud_integrated_storage -
netapp storage_replication_adapter_for_clustered_data_ontap *
netapp storage_replication_adapter_for_clustered_data_ontap 9.6
netapp vasa_provider *
netapp vasa_provider 6.0
netapp virtual_storage_console *
netapp virtual_storage_console 6.0
netapp virtual_storage_console 6.2.2
phoenixcontact fl_mguard_dm *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update151:*:*:*:*:*:*",
              "matchCriteriaId": "A3322D72-6B56-467E-90E5-5DCE0FA1F431",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update141:*:*:*:*:*:*",
              "matchCriteriaId": "C4D0E043-D34F-446D-879B-692E3CF500C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update131:*:*:*:*:*:*",
              "matchCriteriaId": "106E9F69-857A-42F8-A727-2650C896D3B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update151:*:*:*:*:*:*",
              "matchCriteriaId": "673DD72C-4FC8-406A-A24A-B06DD709649C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update141:*:*:*:*:*:*",
              "matchCriteriaId": "363C8E7E-2EEA-4308-A141-854B9EC17AAB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update131:*:*:*:*:*:*",
              "matchCriteriaId": "595FC4B7-418E-457C-ADCC-0A49A676D629",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jrockit:r28.3.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B1FE26D-1936-475A-B644-BBB4281FB5C1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4F86C3C-B99C-44C6-97D7-163DC3F59687",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "807C024A-F8E8-4B48-A349-4C68CD252CA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5F7E11E-FB34-4467-8919-2B6BEAABF665",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62",
              "versionStartIncluding": "7.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB",
              "versionStartIncluding": "9.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "73F81EC3-4AB0-4CD7-B845-267C5974DE98",
              "versionEndIncluding": "11.70.1",
              "versionStartIncluding": "11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "698C6261-679D-45C1-A396-57AC96AD64D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BD81527-A341-42C3-9AB9-880D3DB04B08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*",
              "matchCriteriaId": "E32A4C2E-3DA6-4BE5-9D95-9F800B01ED9A",
              "versionEndIncluding": "7.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "1A79A7B7-2CE9-4F5E-B76D-01A882C66226",
              "versionEndIncluding": "7.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*",
              "matchCriteriaId": "3FA5E22C-489B-4C5F-A5F3-C03F45CA8811",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*",
              "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
              "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "1E35D95E-CCBF-4335-A4DB-02218BA172DE",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:9.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4022E33-B50C-4B0D-8485-F9091B6E57E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:vasa_provider:*:*:*:*:*:clustered_data_ontap:*:*",
              "matchCriteriaId": "C57F75D8-DF7A-49D1-BB27-FF21661107B3",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:vasa_provider:6.0:*:*:*:*:clustered_data_ontap:*:*",
              "matchCriteriaId": "74118415-7E65-4D4B-A5E8-51D17CE5B6EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vsphere:*:*",
              "matchCriteriaId": "066C2961-E9C4-418E-82AF-1A7C35D5C085",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:*:vsphere:*:*",
              "matchCriteriaId": "C54F036F-C6F9-47B5-AFFA-DD3C1D08DD9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:virtual_storage_console:6.2.2:*:*:*:*:vsphere:*:*",
              "matchCriteriaId": "88B2E009-A457-4C3D-A8CF-84B7F3E8DA90",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:phoenixcontact:fl_mguard_dm:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8556AADE-54E7-4D1B-A5AB-D37EF3B4962E",
              "versionEndIncluding": "1.8.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en los componentes Java SE, Java SE Embedded y JRockit de Oracle Java SE (subcomponente: 2D). Las versiones compatibles que se han visto afectadas son JavaSE: 6u151, 7u141 y 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante sin autenticar que tenga acceso a red por medio de m\u00faltiples protocolos comprometa la seguridad de Java SE, Java SE Embedded y JRockit. Los ataques exitosos a esta vulnerabilidad pueden dar lugar a que el atacante consiga provocar una denegaci\u00f3n de servicio parcial (DoS parcial) de Java SE, Java SE Embedded y JRockit. Nota: Esta vulnerabilidad puede ser explotada mediante aplicaciones en sandbox Java Web Start y applets Java en sandbox. Tambi\u00e9n puede ser explotada proporcionando datos a las API en los componentes especificados sin emplear aplicaciones Java Web Start o applets Java en sandbox, como a trav\u00e9s de un servicio web. CVSS 3.0 Base Score 5.3 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
    }
  ],
  "id": "CVE-2017-10053",
  "lastModified": "2024-11-21T03:05:15.323",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-08-08T15:29:01.773",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-3919"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-3954"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/99842"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1038931"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1789"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1790"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1791"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1792"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2424"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2469"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2481"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2530"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3453"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert.vde.com/en-us/advisories/vde-2017-002"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201709-22"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-3919"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-3954"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/99842"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1038931"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1789"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1790"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1791"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1792"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2424"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2469"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2481"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2530"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3453"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert.vde.com/en-us/advisories/vde-2017-002"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201709-22"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-11-04 16:15
Modified
2024-11-21 04:33
Summary
An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem). These issues are caused by wrong mutex locking in vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(), sdr_cap_stop_streaming(), and the corresponding kthreads. At least one of these race conditions leads to a use-after-free.
References
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.htmlThird Party Advisory, VDB Entry
cve@mitre.orghttp://www.openwall.com/lists/oss-security/2019/11/05/1Exploit, Mailing List, Third Party Advisory
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2020/03/msg00001.htmlMailing List, Third Party Advisory
cve@mitre.orghttps://lore.kernel.org/lkml/20191103221719.27118-1-alex.popov%40linux.com/Vendor Advisory
cve@mitre.orghttps://seclists.org/bugtraq/2020/Jan/10Mailing List, Patch, Third Party Advisory
cve@mitre.orghttps://security.netapp.com/advisory/ntap-20191205-0001/Third Party Advisory
cve@mitre.orghttps://usn.ubuntu.com/4254-1/Third Party Advisory
cve@mitre.orghttps://usn.ubuntu.com/4254-2/Third Party Advisory
cve@mitre.orghttps://usn.ubuntu.com/4258-1/Third Party Advisory
cve@mitre.orghttps://usn.ubuntu.com/4284-1/Third Party Advisory
cve@mitre.orghttps://usn.ubuntu.com/4287-1/Third Party Advisory
cve@mitre.orghttps://usn.ubuntu.com/4287-2/Third Party Advisory
cve@mitre.orghttps://www.openwall.com/lists/oss-security/2019/11/02/1Exploit, Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.htmlThird Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2019/11/05/1Exploit, Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2020/03/msg00001.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lore.kernel.org/lkml/20191103221719.27118-1-alex.popov%40linux.com/Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://seclists.org/bugtraq/2020/Jan/10Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20191205-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/4254-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/4254-2/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/4258-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/4284-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/4287-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/4287-2/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.openwall.com/lists/oss-security/2019/11/02/1Exploit, Mailing List, Third Party Advisory



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2342E0A5-8C6E-4EC6-8BC5-418E3F975B9D",
              "versionEndExcluding": "4.4.204",
              "versionStartIncluding": "3.18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED947B00-B3CA-41BF-95D0-122D37F5B7BD",
              "versionEndExcluding": "4.9.204",
              "versionStartIncluding": "4.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4469430-6F48-41B8-AEDF-8B4E6E8AC03B",
              "versionEndExcluding": "4.14.157",
              "versionStartIncluding": "4.10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "67C4C528-B25B-4D52-8A88-5052932CEEDF",
              "versionEndExcluding": "4.19.87",
              "versionStartIncluding": "4.15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A13B4BB5-9419-4DE5-AA55-3BEBC16095D6",
              "versionEndExcluding": "5.3.14",
              "versionStartIncluding": "4.20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2217A93-CE4C-44EE-B62F-3697614E9F5E",
              "versionEndExcluding": "5.4.1",
              "versionStartIncluding": "5.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:data_availability_services:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EF46487-B64A-454E-AECC-D74B83170ACD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF971916-C526-43A9-BD80-985BCC476569",
              "versionEndIncluding": "11.70.1",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:broadcom:fabric_operating_system:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "046FB51E-B768-44D3-AEB5-D857145CA840",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:a700s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDD92BFA-9117-4E6E-A13F-ED064B4B7284",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:a700s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B7DA42F-5D64-4967-A2D4-6210FE507841",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:8300_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E73901F-666D-4D8B-BDFD-93DD2F70C74B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:8300:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0FD5AED-42CF-4918-B32C-D675738EF15C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:8700_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "34B25BEF-8708-4E2C-8BA6-EBCD5267EB04",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:8700:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE0F11D2-B5D9-46B4-BFC5-C86BC87D516A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:a400_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "04E3BD77-8915-4FFC-8483-5DB5D610F829",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:a400:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "97E94ECB-BB51-4364-BEDD-8648C193196F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD7CFE0E-9D1E-4495-B302-89C3096FC0DF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F63A3FA7-AAED-4A9D-9FDE-6195302DA0F6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem). These issues are caused by wrong mutex locking in vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(), sdr_cap_stop_streaming(), and the corresponding kthreads. At least one of these race conditions leads to a use-after-free."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un problema en el archivo drivers/media/platform/vivid en el kernel de Linux versiones hasta 5.3.8. Esto es explotable para una escalada de privilegios en algunas distribuciones de Linux donde los usuarios locales tienen acceso a /dev/video0, pero solo si el controlador ha sido cargado. Se presenta varias condiciones de carrera durante la detenci\u00f3n de la transmisi\u00f3n en este controlador (parte del subsistema V4L2). Estos problemas son causados ??por el bloqueo de mutex incorrecto en las funciones vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(), sdr_cap_stop_streaming() y los kthreads correspondientes. Al menos una de estas condiciones de carrera conlleva a un uso de la memoria previamente liberada."
    }
  ],
  "id": "CVE-2019-18683",
  "lastModified": "2024-11-21T04:33:31.440",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.9,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.0,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.0,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-11-04T16:15:11.327",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2019/11/05/1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://lore.kernel.org/lkml/20191103221719.27118-1-alex.popov%40linux.com/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2020/Jan/10"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20191205-0001/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4254-1/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4254-2/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4258-1/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4284-1/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4287-1/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4287-2/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://www.openwall.com/lists/oss-security/2019/11/02/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2019/11/05/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://lore.kernel.org/lkml/20191103221719.27118-1-alex.popov%40linux.com/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2020/Jan/10"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20191205-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4254-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4254-2/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4258-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4284-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4287-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4287-2/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://www.openwall.com/lists/oss-security/2019/11/02/1"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-362"
        },
        {
          "lang": "en",
          "value": "CWE-416"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-01-11 19:29
Modified
2024-11-21 03:53
Summary
An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable.
References
secalert@redhat.comhttp://packetstormsecurity.com/files/152841/System-Down-A-systemd-journald-Exploit.htmlThird Party Advisory, VDB Entry
secalert@redhat.comhttp://seclists.org/fulldisclosure/2019/May/21Mailing List, Third Party Advisory
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2019/05/10/4Mailing List, Third Party Advisory
secalert@redhat.comhttp://www.securityfocus.com/bid/106527Third Party Advisory, VDB Entry
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2019:2091Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2019:3222Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2020:0593Third Party Advisory
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16866Issue Tracking, Patch, Third Party Advisory
secalert@redhat.comhttps://seclists.org/bugtraq/2019/May/25Mailing List, Third Party Advisory
secalert@redhat.comhttps://security.gentoo.org/glsa/201903-07Third Party Advisory
secalert@redhat.comhttps://security.netapp.com/advisory/ntap-20190117-0001/Third Party Advisory
secalert@redhat.comhttps://usn.ubuntu.com/3855-1/Third Party Advisory
secalert@redhat.comhttps://www.debian.org/security/2019/dsa-4367Third Party Advisory
secalert@redhat.comhttps://www.qualys.com/2019/01/09/system-down/system-down.txtExploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/152841/System-Down-A-systemd-journald-Exploit.htmlThird Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2019/May/21Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2019/05/10/4Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/106527Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2019:2091Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2019:3222Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2020:0593Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16866Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://seclists.org/bugtraq/2019/May/25Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201903-07Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20190117-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3855-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2019/dsa-4367Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.qualys.com/2019/01/09/system-down/system-down.txtExploit, Third Party Advisory



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "026806D8-B8D6-4C1C-8E1F-32096D38C937",
              "versionEndIncluding": "239",
              "versionStartIncluding": "221",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_performance_analytics_services:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "83077160-BB98-408B-81F0-8EF9E566BF28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:element_software:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD53FA62-3E99-4D0B-8C62-4517F5CB8DE9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F6FA12B-504C-4DBF-A32E-0548557AA2ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_compute_node_eus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "35A9FD70-E9CA-43AF-A453-E41EAB430E7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_\\(structure_a\\):7_s390x:*:*:*:*:*:*:*",
              "matchCriteriaId": "6207D51C-883B-4B65-B9BF-408197839BE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7614783-C95A-4CBC-81D9-21A044001B6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CDCFF34-6F1D-45A1-BE37-6A0E17B04801",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "83D5DE4F-4616-488D-ABA8-FD608784237E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4A684C7-88FD-43C4-9BDB-AE337FCBD0AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "656C4506-ECDD-44D7-BFC7-35B1A3E33DF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "37CE1DC7-72C5-483C-8921-0B462C8284D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C81C5D4E-3CAD-43CE-82BC-B0619CA3A74A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "57B5CF5A-D48E-4AD0-91E2-F5BDD44B7A66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5F7E11E-FB34-4467-8919-2B6BEAABF665",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C7E9628-0915-4C49-8929-F5E060A20CBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C450C83-695F-4408-8B4F-0E7D6DDAE345",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon \u0027:\u0027. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable."
    },
    {
      "lang": "es",
      "value": "Se ha descubierto una lectura fuera de l\u00edmites en systemd-journald en la forma en la que analiza mensajes de registro que terminan con dos puntos \":\". Un atacante local puede emplear este error para divulgar datos de la memoria del proceso. Son vulnerables las versiones desde la v221 hasta la v239."
    }
  ],
  "id": "CVE-2018-16866",
  "lastModified": "2024-11-21T03:53:28.947",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "secalert@redhat.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 3.3,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-01-11T19:29:00.233",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/152841/System-Down-A-systemd-journald-Exploit.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2019/May/21"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2019/05/10/4"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/106527"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:2091"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:3222"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0593"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16866"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2019/May/25"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201903-07"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20190117-0001/"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3855-1/"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2019/dsa-4367"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.qualys.com/2019/01/09/system-down/system-down.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/152841/System-Down-A-systemd-journald-Exploit.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2019/May/21"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2019/05/10/4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/106527"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:2091"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:3222"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0593"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16866"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2019/May/25"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201903-07"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20190117-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3855-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2019/dsa-4367"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.qualys.com/2019/01/09/system-down/system-down.txt"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        },
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-08-08 15:29
Modified
2024-11-21 03:05
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
References
secalert_us@oracle.comhttp://www.debian.org/security/2017/dsa-3919Third Party Advisory
secalert_us@oracle.comhttp://www.debian.org/security/2017/dsa-3954Third Party Advisory
secalert_us@oracle.comhttp://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlPatch, Vendor Advisory
secalert_us@oracle.comhttp://www.securityfocus.com/bid/99782Broken Link
secalert_us@oracle.comhttp://www.securitytracker.com/id/1038931Broken Link
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:1790Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:1791Third Party Advisory
secalert_us@oracle.comhttps://cert.vde.com/en-us/advisories/vde-2017-002Third Party Advisory
secalert_us@oracle.comhttps://security.gentoo.org/glsa/201709-22Third Party Advisory
secalert_us@oracle.comhttps://security.netapp.com/advisory/ntap-20170720-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2017/dsa-3919Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2017/dsa-3954Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/99782Broken Link
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1038931Broken Link
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1790Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1791Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://cert.vde.com/en-us/advisories/vde-2017-002Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201709-22Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20170720-0001/Third Party Advisory



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update141:*:*:*:*:*:*",
              "matchCriteriaId": "C4D0E043-D34F-446D-879B-692E3CF500C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update131:*:*:*:*:*:*",
              "matchCriteriaId": "106E9F69-857A-42F8-A727-2650C896D3B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update141:*:*:*:*:*:*",
              "matchCriteriaId": "363C8E7E-2EEA-4308-A141-854B9EC17AAB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update131:*:*:*:*:*:*",
              "matchCriteriaId": "595FC4B7-418E-457C-ADCC-0A49A676D629",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jrockit:r28.3.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B1FE26D-1936-475A-B644-BBB4281FB5C1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:phoenixcontact:fl_mguard_dm:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8556AADE-54E7-4D1B-A5AB-D37EF3B4962E",
              "versionEndIncluding": "1.8.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62",
              "versionStartIncluding": "7.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB",
              "versionStartIncluding": "9.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "73F81EC3-4AB0-4CD7-B845-267C5974DE98",
              "versionEndIncluding": "11.70.1",
              "versionStartIncluding": "11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "698C6261-679D-45C1-A396-57AC96AD64D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BD81527-A341-42C3-9AB9-880D3DB04B08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*",
              "matchCriteriaId": "E32A4C2E-3DA6-4BE5-9D95-9F800B01ED9A",
              "versionEndIncluding": "7.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "1A79A7B7-2CE9-4F5E-B76D-01A882C66226",
              "versionEndIncluding": "7.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*",
              "matchCriteriaId": "3FA5E22C-489B-4C5F-A5F3-C03F45CA8811",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*",
              "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
              "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "1E35D95E-CCBF-4335-A4DB-02218BA172DE",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:9.6:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "B92F025C-D612-4A64-B138-E6B4B113B504",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "13270F58-E106-48CE-9933-E68AABBBFC21",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "923F6B82-6A8B-4994-89F6-C430775D5234",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "B7B42CB6-3C14-4183-AFA8-C3682F8B54AB",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "2AA40F7F-504D-47A9-9778-EC4CE46EB8BF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en los componentes Java SE, Java SE Embedded y JRockit de Oracle Java SE (subcomponente: JCE). Las versiones compatibles que se han visto afectadas son Java SE: 7u141 y 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante sin autenticar que tenga acceso a red por medio de m\u00faltiples protocolos comprometa la seguridad de Java SE, Java SE Embedded y JRockit. Los ataques exitosos a esta vulnerabilidad pueden resultar en un acceso no autorizado a datos de suma importancia o un acceso completo a todos los datos accesibles de Java SE, Java SE Embedded y JRockit. Nota: Esta vulnerabilidad puede ser explotada mediante aplicaciones Java Web Start en sandbox y applets Java en sandbox. Tambi\u00e9n puede ser explotada proporcionando datos a las API en los componentes especificados sin emplear aplicaciones Java Web Start en sandbox o applets Java en sandbox, como a trav\u00e9s de un servicio web. CVSS 3.0 Base Score 7.5 (impactos en la confidencialidad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)."
    }
  ],
  "id": "CVE-2017-10118",
  "lastModified": "2024-11-21T03:05:25.390",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-08-08T15:29:03.880",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-3919"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-3954"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/bid/99782"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securitytracker.com/id/1038931"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1790"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1791"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert.vde.com/en-us/advisories/vde-2017-002"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201709-22"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-3919"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-3954"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/bid/99782"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securitytracker.com/id/1038931"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1790"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1791"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert.vde.com/en-us/advisories/vde-2017-002"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201709-22"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-06-22 19:29
Modified
2024-11-21 03:45
Summary
In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to access/hijack other HttpSessions and even delete unmatched HttpSessions present in the FileSystem's storage for the FileSessionDataStore.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AC29420-F772-43D0-89AE-2071F4838B2E",
              "versionEndIncluding": "9.4.8",
              "versionStartIncluding": "9.4.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_management_plug-ins:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "20B49859-49F0-439B-AEF8-79EF71DA0D73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C82200F-A26E-4AD4-82FF-DC5601A28D52",
              "versionEndIncluding": "11.40",
              "versionStartIncluding": "11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services_proxy:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "23F148EC-6D6D-4C4F-B57C-CFBCD3D32B41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:hyper_converged_infrastructure:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "893C0367-DD1A-4754-B9E0-4944344108EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "34B80C9D-62AA-42FA-AB46-F8A414FCBE5E",
              "versionEndIncluding": "3.1.3",
              "versionStartIncluding": "3.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C18CA4B5-28FD-4199-B1F0-B1E59E920370",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_cloud_connector:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB15BCF1-1B1D-49D8-9B76-46DCB10044DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F4754FB-E3EB-454A-AB1A-AE3835C5350C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "912520F1-3717-457F-9F05-88BDAB3E5DF9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to access/hijack other HttpSessions and even delete unmatched HttpSessions present in the FileSystem\u0027s storage for the FileSessionDataStore."
    },
    {
      "lang": "es",
      "value": "En Eclipse Jetty, desde la versi\u00f3n 9.4.0 hasta la 9.4.8, al emplear el FileSessionDataStore opcional provisto por Jetty para el almacenamiento persistente de detalles HttpSession, es posible que un usuario malicioso acceda/secuestre otras HttpSessions e incluso elimine HttpSessions sin coincidencias presentes en el almacenamiento FileSystem para FileSessionDataStore."
    }
  ],
  "id": "CVE-2018-12538",
  "lastModified": "2024-11-21T03:45:23.610",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-06-22T19:29:00.220",
  "references": [
    {
      "source": "emo@eclipse.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1041194"
    },
    {
      "source": "emo@eclipse.org",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=536018"
    },
    {
      "source": "emo@eclipse.org",
      "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E"
    },
    {
      "source": "emo@eclipse.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20181014-0001/"
    },
    {
      "source": "emo@eclipse.org",
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "emo@eclipse.org",
      "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1041194"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=536018"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20181014-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
    }
  ],
  "sourceIdentifier": "emo@eclipse.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-6"
        }
      ],
      "source": "emo@eclipse.org",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-384"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-02-24 00:29
Modified
2024-11-21 04:50
Summary
An issue was discovered in GNU Binutils 2.32. It is a heap-based buffer overflow in process_mips_specific in readelf.c via a malformed MIPS option section.
References
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2020-10/msg00078.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2020-11/msg00004.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://www.securityfocus.com/bid/107139Third Party Advisory, VDB Entry
cve@mitre.orghttps://security.gentoo.org/glsa/202107-24Third Party Advisory
cve@mitre.orghttps://security.netapp.com/advisory/ntap-20190314-0003/Patch, Third Party Advisory
cve@mitre.orghttps://sourceware.org/bugzilla/show_bug.cgi?id=24243Exploit, Issue Tracking, Third Party Advisory
cve@mitre.orghttps://support.f5.com/csp/article/K00056379Third Party Advisory
cve@mitre.orghttps://usn.ubuntu.com/4336-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00078.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00004.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/107139Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/202107-24Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20190314-0003/Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://sourceware.org/bugzilla/show_bug.cgi?id=24243Exploit, Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.f5.com/csp/article/K00056379Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/4336-1/Third Party Advisory
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gnu:binutils:2.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A276274-BE53-4BC8-B3E4-3DF151E5FC7D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:f5:traffix_signaling_delivery_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E52F91D-3F39-4D89-8069-EC422FB1F700",
              "versionEndIncluding": "5.1.0",
              "versionStartIncluding": "5.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in GNU Binutils 2.32. It is a heap-based buffer overflow in process_mips_specific in readelf.c via a malformed MIPS option section."
    },
    {
      "lang": "es",
      "value": "Se ha descubierto un problema en GNU Binutils 2.32. Es un desbordamiento de b\u00fafer basado en memoria din\u00e1mica (heap) en process_mips_specific en readelf.c mediante una secci\u00f3n de opci\u00f3n MIPS mal formada."
    }
  ],
  "id": "CVE-2019-9077",
  "lastModified": "2024-11-21T04:50:56.487",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-02-24T00:29:00.597",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00078.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00004.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/107139"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202107-24"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20190314-0003/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=24243"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.f5.com/csp/article/K00056379"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4336-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00078.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/107139"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202107-24"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20190314-0003/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=24243"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.f5.com/csp/article/K00056379"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4336-1/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-02-16 19:15
Modified
2024-11-21 06:22
Summary
A race problem was seen in the vt_k_ioctl in drivers/tty/vt/vt_ioctl.c in the Linux kernel, which may cause an out of bounds read in vt as the write access to vc_mode is not protected by lock-in vt_ioctl (KDSETMDE). The highest threat from this vulnerability is to data confidentiality.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "037A6DFB-B41D-4CC7-86C1-A201809B79C4",
              "versionEndExcluding": "5.15",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "95BA156C-C977-4F0C-8DFB-3FAE9CC8C02D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A race problem was seen in the vt_k_ioctl in drivers/tty/vt/vt_ioctl.c in the Linux kernel, which may cause an out of bounds read in vt as the write access to vc_mode is not protected by lock-in vt_ioctl (KDSETMDE). The highest threat from this vulnerability is to data confidentiality."
    },
    {
      "lang": "es",
      "value": "Se observ\u00f3 un problema de carrera en el la funci\u00f3n vt_k_ioctl en el archivo drivers/tty/vt/vt_ioctl.c en el kernel de Linux, que puede causar una lectura fuera de l\u00edmites en vt ya que el acceso de escritura a vc_mode no est\u00e1 protegido por el bloqueo de vt_ioctl (KDSETMDE). La mayor amenaza de esta vulnerabilidad es para la confidencialidad de los datos"
    }
  ],
  "id": "CVE-2021-3753",
  "lastModified": "2024-11-21T06:22:20.623",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 1.9,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 4.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.0,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-02-16T19:15:08.647",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1999589"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/torvalds/linux/commit/2287a51ba822384834dafc1c798453375d1107c7"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20221028-0003/"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.openwall.com/lists/oss-security/2021/09/01/4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1999589"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/torvalds/linux/commit/2287a51ba822384834dafc1c798453375d1107c7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20221028-0003/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.openwall.com/lists/oss-security/2021/09/01/4"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        },
        {
          "lang": "en",
          "value": "CWE-362"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-05-09 21:15
Modified
2024-11-21 05:00
Summary
An issue was discovered in the Linux kernel before 5.4.17. drivers/spi/spi-dw.c allows attackers to cause a panic via concurrent calls to dw_spi_irq and dw_spi_transfer_one, aka CID-19b61392c5a8.
References
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.htmlMailing List, Third Party Advisory
cve@mitre.orghttps://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.17Mailing List, Patch, Vendor Advisory
cve@mitre.orghttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=19b61392c5a852b4e8a0bf35aecb969983c5932dExploit, Mailing List, Patch, Vendor Advisory
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2020/06/msg00011.htmlMailing List, Third Party Advisory
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2020/06/msg00013.htmlMailing List, Third Party Advisory
cve@mitre.orghttps://lkml.org/lkml/2020/2/3/559Exploit, Mailing List, Patch, Technical Description
cve@mitre.orghttps://security.netapp.com/advisory/ntap-20200608-0001/Third Party Advisory
cve@mitre.orghttps://usn.ubuntu.com/4391-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.17Mailing List, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=19b61392c5a852b4e8a0bf35aecb969983c5932dExploit, Mailing List, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2020/06/msg00011.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2020/06/msg00013.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lkml.org/lkml/2020/2/3/559Exploit, Mailing List, Patch, Technical Description
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20200608-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/4391-1/Third Party Advisory



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "816D2241-78E2-4919-9B29-C2CF0F6BDB67",
              "versionEndExcluding": "5.4.17",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:hci_compute_node_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F921BC85-568E-4B69-A3CD-CF75C76672F1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:a700s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDD92BFA-9117-4E6E-A13F-ED064B4B7284",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:a700s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B7DA42F-5D64-4967-A2D4-6210FE507841",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "108A2215-50FB-4074-94CF-C130FA14566D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AFC73CE-ABB9-42D3-9A71-3F5BC5381E0E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "32F0B6C0-F930-480D-962B-3F4EFDCC13C7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "803BC414-B250-4E3A-A478-A3881340D6B8",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FEB3337-BFDE-462A-908B-176F92053CEC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "736AEAE9-782B-4F71-9893-DED53367E102",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h610c_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "89612649-BACF-4FAC-9BA4-324724FD93A6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h610c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3D9B255-C1AF-42D1-BF9B-13642FBDC080",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD7CFE0E-9D1E-4495-B302-89C3096FC0DF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F63A3FA7-AAED-4A9D-9FDE-6195302DA0F6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h615c_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5921A877-18BF-43FE-915C-D226E140ACFC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h615c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7296A1F2-D315-4FD5-8A73-65C480C855BE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in the Linux kernel before 5.4.17. drivers/spi/spi-dw.c allows attackers to cause a panic via concurrent calls to dw_spi_irq and dw_spi_transfer_one, aka CID-19b61392c5a8."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un problema en el kernel de Linux versiones anteriores a 5.4.17. El archivo drivers/spi/spi-dw.c, permite a atacantes causar un p\u00e1nico por medio de llamadas concurrentes a las funciones dw_spi_irq y dw_spi_transfer_one, tambi\u00e9n se conoce como CID-19b61392c5a8."
    }
  ],
  "id": "CVE-2020-12769",
  "lastModified": "2024-11-21T05:00:15.053",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 4.9,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-05-09T21:15:11.100",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.17"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Mailing List",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=19b61392c5a852b4e8a0bf35aecb969983c5932d"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Mailing List",
        "Patch",
        "Technical Description"
      ],
      "url": "https://lkml.org/lkml/2020/2/3/559"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4391-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.17"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Mailing List",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=19b61392c5a852b4e8a0bf35aecb969983c5932d"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Mailing List",
        "Patch",
        "Technical Description"
      ],
      "url": "https://lkml.org/lkml/2020/2/3/559"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4391-1/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-662"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-10-19 17:29
Modified
2024-11-21 03:05
Summary
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
secalert_us@oracle.comhttp://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlPatch, Vendor Advisory
secalert_us@oracle.comhttp://www.securityfocus.com/bid/101348Broken Link
secalert_us@oracle.comhttp://www.securitytracker.com/id/1039596Broken Link
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:2998Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:2999Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3046Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3047Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3264Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3267Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3268Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3392Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3453Third Party Advisory
secalert_us@oracle.comhttps://lists.debian.org/debian-lts-announce/2017/11/msg00033.htmlMailing List, Third Party Advisory
secalert_us@oracle.comhttps://security.gentoo.org/glsa/201710-31Third Party Advisory
secalert_us@oracle.comhttps://security.gentoo.org/glsa/201711-14Third Party Advisory
secalert_us@oracle.comhttps://security.netapp.com/advisory/ntap-20171019-0001/Third Party Advisory
secalert_us@oracle.comhttps://www.debian.org/security/2017/dsa-4015Third Party Advisory
secalert_us@oracle.comhttps://www.debian.org/security/2017/dsa-4048Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/101348Broken Link
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1039596Broken Link
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2998Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2999Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3046Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3047Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3264Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3267Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3268Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3392Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3453Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2017/11/msg00033.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201710-31Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201711-14Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20171019-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2017/dsa-4015Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2017/dsa-4048Third Party Advisory
Impacted products
Vendor Product Version
oracle jdk 1.6.0
oracle jdk 1.7.0
oracle jdk 1.8.0
oracle jdk 1.9.0
oracle jre 1.6.0
oracle jre 1.7.0
oracle jre 1.8.0
oracle jre 1.9.0
redhat satellite 5.8
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_eus 7.4
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_server_tus 7.4
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_workstation 7.0
netapp active_iq_unified_manager *
netapp active_iq_unified_manager *
netapp cloud_backup -
netapp e-series_santricity_management_plug-ins -
netapp e-series_santricity_os_controller *
netapp e-series_santricity_storage_manager -
netapp e-series_santricity_web_services -
netapp element_software -
netapp oncommand_balance -
netapp oncommand_insight -
netapp oncommand_performance_manager -
netapp oncommand_shift -
netapp oncommand_unified_manager *
netapp oncommand_unified_manager *
netapp oncommand_unified_manager -
netapp oncommand_workflow_automation -
netapp plug-in_for_symantec_netbackup -
netapp snapmanager -
netapp snapmanager -
netapp steelstore_cloud_integrated_storage -
netapp storage_replication_adapter_for_clustered_data_ontap *
netapp storage_replication_adapter_for_clustered_data_ontap *
netapp vasa_provider_for_clustered_data_ontap *
netapp vasa_provider_for_clustered_data_ontap 6.0
netapp virtual_storage_console *
netapp virtual_storage_console 6.0
debian debian_linux 7.0
debian debian_linux 8.0
debian debian_linux 9.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update161:*:*:*:*:*:*",
              "matchCriteriaId": "7037AEF9-403D-43EC-ABBB-B46619241586",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update151:*:*:*:*:*:*",
              "matchCriteriaId": "B781F1F7-DE18-41F7-83C1-8690B0884DDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update144:*:*:*:*:*:*",
              "matchCriteriaId": "6D36F2A6-1329-4D74-BADC-C22D46CF7CFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "270968EC-7662-41E1-BA9B-D259BEC53A1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update161:*:*:*:*:*:*",
              "matchCriteriaId": "D53D6C3C-C8F3-4FF4-AE9C-1BFF14E74EDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update151:*:*:*:*:*:*",
              "matchCriteriaId": "71219100-B476-4062-A40A-13F1B8C7DAED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update144:*:*:*:*:*:*",
              "matchCriteriaId": "FCC055BA-0D21-4D2B-AC9B-B81B8468860C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "66910F84-DDFD-4BA8-BE7F-44EB5E3F9C3D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4F86C3C-B99C-44C6-97D7-163DC3F59687",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5F7E11E-FB34-4467-8919-2B6BEAABF665",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62",
              "versionStartIncluding": "7.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB",
              "versionStartIncluding": "9.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_management_plug-ins:-:*:*:*:*:vmware_vcenter:*:*",
              "matchCriteriaId": "280520BC-070C-4423-A633-E6FE45E53D57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "73F81EC3-4AB0-4CD7-B845-267C5974DE98",
              "versionEndIncluding": "11.70.1",
              "versionStartIncluding": "11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
              "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "698C6261-679D-45C1-A396-57AC96AD64D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BD81527-A341-42C3-9AB9-880D3DB04B08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*",
              "matchCriteriaId": "E32A4C2E-3DA6-4BE5-9D95-9F800B01ED9A",
              "versionEndIncluding": "7.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "1A79A7B7-2CE9-4F5E-B76D-01A882C66226",
              "versionEndIncluding": "7.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*",
              "matchCriteriaId": "3FA5E22C-489B-4C5F-A5F3-C03F45CA8811",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*",
              "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
              "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "6BF60DAD-DAA2-4543-B82E-8E17F7B1DA06",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "1E35D95E-CCBF-4335-A4DB-02218BA172DE",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "13270F58-E106-48CE-9933-E68AABBBFC21",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "923F6B82-6A8B-4994-89F6-C430775D5234",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "B7B42CB6-3C14-4183-AFA8-C3682F8B54AB",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "2AA40F7F-504D-47A9-9778-EC4CE46EB8BF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en los componentes Java SE y Java SE Embedded de Oracle Java SE (subcomponente: JAXP). Las versiones compatibles que se han visto afectadas son Java SE: 6u161, 7u151, 8u144 y 9; Java SE Embedded: 8u144. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante sin autenticar que tenga acceso a red por m\u00faltiples protocolos comprometa la seguridad de Java SE y Java SE Embedded. Los ataques exitosos a esta vulnerabilidad pueden dar lugar a que el atacante consiga provocar una denegaci\u00f3n de servicio parcial (DoS parcial) en Java SE y Java SE Embedded. Nota: Esta vulnerabilidad se aplica a implementaciones Java, normalmente en clientes que ejecutan aplicaciones Java Web Start en sandbox o applets Java en sandbox que cargan y ejecutan c\u00f3digo que no es de confianza (por ejemplo, c\u00f3digo proveniente de internet) y que conf\u00edan en la sandbox Java para protegerse. Esta vulnerabilidad no se aplica a implementaciones Java, normalmente en servidores, que solo cargan y ejecutan c\u00f3digo de confianza (por ejemplo, c\u00f3digo instalado por un administrador). CVSS 3.0 Base Score 5.3 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
    }
  ],
  "id": "CVE-2017-10349",
  "lastModified": "2024-11-21T03:05:58.983",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-10-19T17:29:04.140",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/bid/101348"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securitytracker.com/id/1039596"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2998"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2999"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3046"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3047"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3264"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3267"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3268"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3392"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3453"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201710-31"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201711-14"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20171019-0001/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2017/dsa-4015"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2017/dsa-4048"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/bid/101348"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securitytracker.com/id/1039596"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2998"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2999"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3046"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3047"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3264"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3267"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3268"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3392"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3453"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201710-31"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201711-14"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20171019-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2017/dsa-4015"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2017/dsa-4048"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-08-08 20:15
Modified
2024-11-21 06:16
Summary
net/sunrpc/xdr.c in the Linux kernel before 5.13.4 allows remote attackers to cause a denial of service (xdr_set_page_base slab-out-of-bounds access) by performing many NFS 4.2 READ_PLUS operations.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "899BD8D1-E0DF-40D5-AE89-966542B4F09E",
              "versionEndExcluding": "5.12.19",
              "versionStartIncluding": "5.11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C97AEB3-19D7-4AD5-AE45-466EC5444F87",
              "versionEndExcluding": "5.13.4",
              "versionStartIncluding": "5.13.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:hci_bootstrap_os:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C767AA1-88B7-48F0-9F31-A89D16DCD52C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "02DEB4FB-A21D-4CB1-B522-EEE5093E8521",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "net/sunrpc/xdr.c in the Linux kernel before 5.13.4 allows remote attackers to cause a denial of service (xdr_set_page_base slab-out-of-bounds access) by performing many NFS 4.2 READ_PLUS operations."
    },
    {
      "lang": "es",
      "value": "El archivo net/sunrpc/xdr.c en el kernel de Linux versiones anteriores a 5.13.4, permite a atacantes remotos causar una denegaci\u00f3n de servicio (acceso fuera de los l\u00edmites de xdr_set_page_base) al llevar a cabo muchas operaciones NFS 4.2 READ_PLUS"
    }
  ],
  "id": "CVE-2021-38201",
  "lastModified": "2024-11-21T06:16:38.697",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-08-08T20:15:07.147",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/torvalds/linux/commit/6d1c0f3d28f98ea2736128ed3e46821496dc3a8c"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20210902-0010/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/torvalds/linux/commit/6d1c0f3d28f98ea2736128ed3e46821496dc3a8c"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20210902-0010/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-08-08 15:29
Modified
2024-11-21 03:05
Severity ?
Summary
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: ImageIO). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).
References
secalert_us@oracle.comhttp://www.debian.org/security/2017/dsa-3919Third Party Advisory
secalert_us@oracle.comhttp://www.debian.org/security/2017/dsa-3954Third Party Advisory
secalert_us@oracle.comhttp://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlPatch, Vendor Advisory
secalert_us@oracle.comhttp://www.securityfocus.com/bid/99659Broken Link
secalert_us@oracle.comhttp://www.securitytracker.com/id/1038931Broken Link
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:1789Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:1790Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:1791Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:1792Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:2424Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:2469Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:2481Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:2530Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3453Third Party Advisory
secalert_us@oracle.comhttps://security.gentoo.org/glsa/201709-22Third Party Advisory
secalert_us@oracle.comhttps://security.netapp.com/advisory/ntap-20170720-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2017/dsa-3919Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2017/dsa-3954Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/99659Broken Link
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1038931Broken Link
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1789Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1790Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1791Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1792Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2424Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2469Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2481Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2530Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3453Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201709-22Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20170720-0001/Third Party Advisory
Impacted products
Vendor Product Version
oracle jdk 1.6.0
oracle jdk 1.7.0
oracle jdk 1.8.0
oracle jre 1.6.0
oracle jre 1.7.0
oracle jre 1.8.0
debian debian_linux 8.0
debian debian_linux 9.0
redhat satellite 5.8
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_eus 7.3
redhat enterprise_linux_eus 7.4
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_aus 7.3
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_server_tus 7.3
redhat enterprise_linux_server_tus 7.4
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_workstation 7.0
netapp active_iq_unified_manager *
netapp active_iq_unified_manager *
netapp cloud_backup -
netapp e-series_santricity_os_controller *
netapp e-series_santricity_storage_manager -
netapp element_software -
netapp oncommand_balance -
netapp oncommand_insight -
netapp oncommand_performance_manager -
netapp oncommand_shift -
netapp oncommand_unified_manager *
netapp oncommand_unified_manager *
netapp oncommand_unified_manager -
netapp plug-in_for_symantec_netbackup -
netapp snapmanager -
netapp snapmanager -
netapp steelstore_cloud_integrated_storage -
netapp storage_replication_adapter_for_clustered_data_ontap *
netapp storage_replication_adapter_for_clustered_data_ontap 9.6
netapp vasa_provider_for_clustered_data_ontap *
netapp vasa_provider_for_clustered_data_ontap 6.0
netapp virtual_storage_console *
netapp virtual_storage_console 6.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update151:*:*:*:*:*:*",
              "matchCriteriaId": "A3322D72-6B56-467E-90E5-5DCE0FA1F431",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update141:*:*:*:*:*:*",
              "matchCriteriaId": "C4D0E043-D34F-446D-879B-692E3CF500C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update131:*:*:*:*:*:*",
              "matchCriteriaId": "106E9F69-857A-42F8-A727-2650C896D3B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update151:*:*:*:*:*:*",
              "matchCriteriaId": "673DD72C-4FC8-406A-A24A-B06DD709649C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update141:*:*:*:*:*:*",
              "matchCriteriaId": "363C8E7E-2EEA-4308-A141-854B9EC17AAB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update131:*:*:*:*:*:*",
              "matchCriteriaId": "595FC4B7-418E-457C-ADCC-0A49A676D629",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4F86C3C-B99C-44C6-97D7-163DC3F59687",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "807C024A-F8E8-4B48-A349-4C68CD252CA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5F7E11E-FB34-4467-8919-2B6BEAABF665",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62",
              "versionStartIncluding": "7.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB",
              "versionStartIncluding": "9.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "73F81EC3-4AB0-4CD7-B845-267C5974DE98",
              "versionEndIncluding": "11.70.1",
              "versionStartIncluding": "11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "698C6261-679D-45C1-A396-57AC96AD64D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BD81527-A341-42C3-9AB9-880D3DB04B08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*",
              "matchCriteriaId": "E32A4C2E-3DA6-4BE5-9D95-9F800B01ED9A",
              "versionEndIncluding": "7.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "1A79A7B7-2CE9-4F5E-B76D-01A882C66226",
              "versionEndIncluding": "7.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*",
              "matchCriteriaId": "3FA5E22C-489B-4C5F-A5F3-C03F45CA8811",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*",
              "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
              "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "1E35D95E-CCBF-4335-A4DB-02218BA172DE",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:9.6:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "B92F025C-D612-4A64-B138-E6B4B113B504",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "13270F58-E106-48CE-9933-E68AABBBFC21",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "923F6B82-6A8B-4994-89F6-C430775D5234",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "B7B42CB6-3C14-4183-AFA8-C3682F8B54AB",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "2AA40F7F-504D-47A9-9778-EC4CE46EB8BF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: ImageIO). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en el componente Java SE de Oracle Java SE (subcomponente: ImageIO). Las versiones compatibles que se han visto afectadas son JavaSE: 6u151, 7u141 y 8u131. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante sin autenticar que tenga acceso a red por m\u00faltiples protocolos comprometa la seguridad de Java SE. Para que los ataques tengan \u00e9xito, se necesita la participaci\u00f3n de otra persona diferente del atacante y, aunque la vulnerabilidad est\u00e1 presente en Java SE, los ataques podr\u00edan afectar seriamente a productos adicionales. Los ataques exitosos a esta vulnerabilidad pueden resultar en la toma de control de Java SE. Nota: Esta vulnerabilidad se aplica a implementaciones Java, normalmente en clientes que ejecutan aplicaciones Java Web Start en sandbox o applets Java en sandbox que cargan y ejecutan c\u00f3digo que no es de confianza (por ejemplo, c\u00f3digo proveniente de internet) y que conf\u00edan en la sandbox de Java para protegerse. Esta vulnerabilidad no se aplica a implementaciones Java, normalmente en servidores, que solo cargan y ejecutan c\u00f3digo de confianza (por ejemplo, c\u00f3digo instalado por un administrador). CVSS 3.0 Base Score 9.6 (impactos en la confidencialidad, integridad y disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)."
    }
  ],
  "id": "CVE-2017-10089",
  "lastModified": "2024-11-21T03:05:20.607",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.6,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 6.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-08-08T15:29:02.773",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-3919"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-3954"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/bid/99659"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securitytracker.com/id/1038931"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1789"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1790"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1791"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1792"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2424"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2469"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2481"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2530"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3453"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201709-22"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-3919"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-3954"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/bid/99659"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securitytracker.com/id/1038931"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1789"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1790"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1791"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1792"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2424"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2469"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2481"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2530"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3453"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201709-22"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-10-19 17:29
Modified
2024-11-21 03:05
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.0 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N).
References
secalert_us@oracle.comhttp://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlPatch, Vendor Advisory
secalert_us@oracle.comhttp://www.securityfocus.com/bid/101384Broken Link
secalert_us@oracle.comhttp://www.securitytracker.com/id/1039596Broken Link
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:2998Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:2999Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3046Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3047Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3264Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3267Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3268Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3392Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3453Third Party Advisory
secalert_us@oracle.comhttps://lists.debian.org/debian-lts-announce/2017/11/msg00033.htmlMailing List, Third Party Advisory
secalert_us@oracle.comhttps://security.gentoo.org/glsa/201710-31Third Party Advisory
secalert_us@oracle.comhttps://security.gentoo.org/glsa/201711-14Third Party Advisory
secalert_us@oracle.comhttps://security.netapp.com/advisory/ntap-20171019-0001/Third Party Advisory
secalert_us@oracle.comhttps://www.debian.org/security/2017/dsa-4015Third Party Advisory
secalert_us@oracle.comhttps://www.debian.org/security/2017/dsa-4048Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/101384Broken Link
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1039596Broken Link
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2998Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2999Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3046Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3047Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3264Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3267Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3268Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3392Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3453Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2017/11/msg00033.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201710-31Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201711-14Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20171019-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2017/dsa-4015Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2017/dsa-4048Third Party Advisory
Impacted products
Vendor Product Version
oracle jdk 1.6.0
oracle jdk 1.7.0
oracle jdk 1.8.0
oracle jdk 1.9.0
oracle jre 1.6.0
oracle jre 1.7.0
oracle jre 1.8.0
oracle jre 1.9.0
oracle jrockit r28.3.15
debian debian_linux 7.0
debian debian_linux 8.0
debian debian_linux 9.0
redhat satellite 5.8
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_eus 7.4
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_server_tus 7.4
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_workstation 7.0
netapp active_iq_unified_manager *
netapp active_iq_unified_manager *
netapp cloud_backup -
netapp e-series_santricity_management_plug-ins -
netapp e-series_santricity_os_controller *
netapp e-series_santricity_storage_manager -
netapp e-series_santricity_web_services -
netapp element_software -
netapp oncommand_balance -
netapp oncommand_insight -
netapp oncommand_performance_manager -
netapp oncommand_shift -
netapp oncommand_unified_manager *
netapp oncommand_unified_manager *
netapp oncommand_unified_manager -
netapp oncommand_workflow_automation -
netapp plug-in_for_symantec_netbackup -
netapp snapmanager -
netapp snapmanager -
netapp steelstore_cloud_integrated_storage -
netapp storage_replication_adapter_for_clustered_data_ontap *
netapp storage_replication_adapter_for_clustered_data_ontap *
netapp vasa_provider_for_clustered_data_ontap *
netapp vasa_provider_for_clustered_data_ontap 6.0
netapp virtual_storage_console *
netapp virtual_storage_console 6.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update161:*:*:*:*:*:*",
              "matchCriteriaId": "7037AEF9-403D-43EC-ABBB-B46619241586",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update151:*:*:*:*:*:*",
              "matchCriteriaId": "B781F1F7-DE18-41F7-83C1-8690B0884DDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update144:*:*:*:*:*:*",
              "matchCriteriaId": "6D36F2A6-1329-4D74-BADC-C22D46CF7CFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "270968EC-7662-41E1-BA9B-D259BEC53A1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update161:*:*:*:*:*:*",
              "matchCriteriaId": "D53D6C3C-C8F3-4FF4-AE9C-1BFF14E74EDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update151:*:*:*:*:*:*",
              "matchCriteriaId": "71219100-B476-4062-A40A-13F1B8C7DAED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update144:*:*:*:*:*:*",
              "matchCriteriaId": "FCC055BA-0D21-4D2B-AC9B-B81B8468860C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "66910F84-DDFD-4BA8-BE7F-44EB5E3F9C3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jrockit:r28.3.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "66CB92D2-A529-4912-9D59-40EAC3F5D674",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4F86C3C-B99C-44C6-97D7-163DC3F59687",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5F7E11E-FB34-4467-8919-2B6BEAABF665",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62",
              "versionStartIncluding": "7.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB",
              "versionStartIncluding": "9.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_management_plug-ins:-:*:*:*:*:vmware_vcenter:*:*",
              "matchCriteriaId": "280520BC-070C-4423-A633-E6FE45E53D57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "73F81EC3-4AB0-4CD7-B845-267C5974DE98",
              "versionEndIncluding": "11.70.1",
              "versionStartIncluding": "11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
              "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "698C6261-679D-45C1-A396-57AC96AD64D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BD81527-A341-42C3-9AB9-880D3DB04B08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*",
              "matchCriteriaId": "E32A4C2E-3DA6-4BE5-9D95-9F800B01ED9A",
              "versionEndIncluding": "7.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "1A79A7B7-2CE9-4F5E-B76D-01A882C66226",
              "versionEndIncluding": "7.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*",
              "matchCriteriaId": "3FA5E22C-489B-4C5F-A5F3-C03F45CA8811",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*",
              "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
              "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "6BF60DAD-DAA2-4543-B82E-8E17F7B1DA06",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "1E35D95E-CCBF-4335-A4DB-02218BA172DE",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "13270F58-E106-48CE-9933-E68AABBBFC21",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "923F6B82-6A8B-4994-89F6-C430775D5234",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "B7B42CB6-3C14-4183-AFA8-C3682F8B54AB",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "2AA40F7F-504D-47A9-9778-EC4CE46EB8BF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.0 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en los componentes Java SE, Java SE Embedded y JRockit de Oracle Java SE (subcomponente: Networking). Las versiones compatibles que se han visto afectadas son Java SE: 6u161, 7u151, 8u144 y 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Una vulnerabilidad dif\u00edcilmente explotable permite que un atacante sin autenticar que tenga acceso a red por HTTP comprometa la seguridad de Java SE, Java SE Embedded y JRockit. Aunque la vulnerabilidad est\u00e1 presente en Java SE, Java SE Embedded y JRockit, los ataques podr\u00edan afectar seriamente a productos adicionales. Los ataques exitosos a esta vulnerabilidad pueden resultar en el acceso no autorizado de actualizaci\u00f3n, inserci\u00f3n o supresi\u00f3n de algunos de los datos accesibles de Java SE, Java SE Embedded y JRockit. Nota: Esta vulnerabilidad puede ser explotada mediante aplicaciones Java Web Start en sandbox y applets Java en sandbox. Tambi\u00e9n puede ser explotada proporcionando datos a las API en los componentes especificados sin emplear aplicaciones Java Web Start o applets Java en sandbox, como a trav\u00e9s de un servicio web. CVSS 3.0 Base Score 4.0 (impactos en la integridad). Vector CVSS: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N)."
    }
  ],
  "id": "CVE-2017-10295",
  "lastModified": "2024-11-21T03:05:51.130",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-10-19T17:29:02.420",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/bid/101384"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securitytracker.com/id/1039596"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2998"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2999"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3046"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3047"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3264"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3267"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3268"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3392"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3453"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201710-31"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201711-14"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20171019-0001/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2017/dsa-4015"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2017/dsa-4048"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/bid/101384"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securitytracker.com/id/1039596"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2998"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2999"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3046"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3047"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3264"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3267"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3268"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3392"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3453"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201710-31"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201711-14"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20171019-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2017/dsa-4015"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2017/dsa-4048"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-03-06 20:29
Modified
2024-11-21 04:11
Summary
The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mode 6 packet with a ntpd instance from 4.2.8p6 through 4.2.8p10.
References
cve@mitre.orghttp://packetstormsecurity.com/files/146631/Slackware-Security-Advisory-ntp-Updates.htmlThird Party Advisory, VDB Entry
cve@mitre.orghttp://support.ntp.org/bin/view/Main/NtpBug3412Mitigation, Vendor Advisory
cve@mitre.orghttp://www.securityfocus.com/archive/1/541824/100/0/threadedThird Party Advisory, VDB Entry
cve@mitre.orghttp://www.securityfocus.com/bid/103191Third Party Advisory, VDB Entry
cve@mitre.orghttps://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.ascPatch, Third Party Advisory
cve@mitre.orghttps://security.gentoo.org/glsa/201805-12Third Party Advisory
cve@mitre.orghttps://security.netapp.com/advisory/ntap-20180626-0001/Third Party Advisory
cve@mitre.orghttps://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en_us
cve@mitre.orghttps://usn.ubuntu.com/3707-1/Third Party Advisory
cve@mitre.orghttps://www.exploit-db.com/exploits/45846/Exploit, Third Party Advisory, VDB Entry
cve@mitre.orghttps://www.synology.com/support/security/Synology_SA_18_13Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/146631/Slackware-Security-Advisory-ntp-Updates.htmlThird Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://support.ntp.org/bin/view/Main/NtpBug3412Mitigation, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/541824/100/0/threadedThird Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/103191Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.ascPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201805-12Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20180626-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en_us
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3707-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.exploit-db.com/exploits/45846/Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://www.synology.com/support/security/Synology_SA_18_13Third Party Advisory
Impacted products
Vendor Product Version
ntp ntp 4.2.8
ntp ntp 4.2.8
ntp ntp 4.2.8
ntp ntp 4.2.8
ntp ntp 4.2.8
canonical ubuntu_linux 17.10
canonical ubuntu_linux 18.04
netapp element_software -



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p10:*:*:*:*:*:*",
              "matchCriteriaId": "0BC62D4E-D519-458C-BE4E-10DDB73A97D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p6:*:*:*:*:*:*",
              "matchCriteriaId": "8C213794-111D-41F3-916C-AD97F731D600",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p7:*:*:*:*:*:*",
              "matchCriteriaId": "50811A7B-0379-4437-8737-B4C1ACBC9EFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p8:*:*:*:*:*:*",
              "matchCriteriaId": "F12E4CF5-536C-416B-AD8D-6AE7CBE22C71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p9:*:*:*:*:*:*",
              "matchCriteriaId": "EE002C76-406D-4F22-B738-E17BDEA70BCC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mode 6 packet with a ntpd instance from 4.2.8p6 through 4.2.8p10."
    },
    {
      "lang": "es",
      "value": "el m\u00e9todo ctl_getitem en ntpd en ntp, en versiones 4.2.8p6 anteriores a la 4.2.8p11 permite que atacantes remotos provoquen una denegaci\u00f3n de servicio (lectura fuera de l\u00edmites) mediante un paquete mode 6 manipulado con una instancia ntpd desde la versi\u00f3n 4.2.8p6 hasta la 4.2.8p10."
    }
  ],
  "id": "CVE-2018-7182",
  "lastModified": "2024-11-21T04:11:44.437",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-03-06T20:29:01.377",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/146631/Slackware-Security-Advisory-ntp-Updates.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "http://support.ntp.org/bin/view/Main/NtpBug3412"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/541824/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103191"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.asc"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201805-12"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20180626-0001/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3707-1/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/45846/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.synology.com/support/security/Synology_SA_18_13"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/146631/Slackware-Security-Advisory-ntp-Updates.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "http://support.ntp.org/bin/view/Main/NtpBug3412"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/541824/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103191"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201805-12"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20180626-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3707-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/45846/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.synology.com/support/security/Synology_SA_18_13"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-08-08 15:29
Modified
2024-11-21 03:05
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
secalert_us@oracle.comhttp://www.debian.org/security/2017/dsa-3919Third Party Advisory
secalert_us@oracle.comhttp://www.debian.org/security/2017/dsa-3954Third Party Advisory
secalert_us@oracle.comhttp://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlPatch, Vendor Advisory
secalert_us@oracle.comhttp://www.securityfocus.com/bid/99846Broken Link
secalert_us@oracle.comhttp://www.securitytracker.com/id/1038931Broken Link
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:1789Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:1790Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:1791Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:1792Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:2424Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:2469Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:2481Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:2530Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3453Third Party Advisory
secalert_us@oracle.comhttps://cert.vde.com/en-us/advisories/vde-2017-002Third Party Advisory
secalert_us@oracle.comhttps://security.gentoo.org/glsa/201709-22Third Party Advisory
secalert_us@oracle.comhttps://security.netapp.com/advisory/ntap-20170720-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2017/dsa-3919Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2017/dsa-3954Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/99846Broken Link
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1038931Broken Link
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1789Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1790Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1791Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1792Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2424Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2469Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2481Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2530Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3453Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://cert.vde.com/en-us/advisories/vde-2017-002Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201709-22Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20170720-0001/Third Party Advisory
Impacted products
Vendor Product Version
oracle jdk 1.6.0
oracle jdk 1.7.0
oracle jdk 1.8.0
oracle jre 1.6.0
oracle jre 1.7.0
oracle jre 1.8.0
oracle jrockit r28.3.14
debian debian_linux 8.0
debian debian_linux 9.0
phoenixcontact fl_mguard_dm *
redhat satellite 5.8
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_eus 7.3
redhat enterprise_linux_eus 7.4
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_aus 7.3
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_server_tus 7.3
redhat enterprise_linux_server_tus 7.4
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_workstation 7.0
netapp active_iq_unified_manager *
netapp active_iq_unified_manager *
netapp cloud_backup -
netapp e-series_santricity_os_controller *
netapp e-series_santricity_storage_manager -
netapp element_software -
netapp oncommand_balance -
netapp oncommand_insight -
netapp oncommand_performance_manager -
netapp oncommand_shift -
netapp oncommand_unified_manager *
netapp oncommand_unified_manager -
netapp oncommand_unified_manager 7.1
netapp plug-in_for_symantec_netbackup -
netapp snapmanager -
netapp snapmanager -
netapp steelstore_cloud_integrated_storage -
netapp storage_replication_adapter_for_clustered_data_ontap *
netapp storage_replication_adapter_for_clustered_data_ontap 9.6
netapp vasa_provider_for_clustered_data_ontap *
netapp vasa_provider_for_clustered_data_ontap 6.0
netapp virtual_storage_console *
netapp virtual_storage_console 6.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update151:*:*:*:*:*:*",
              "matchCriteriaId": "A3322D72-6B56-467E-90E5-5DCE0FA1F431",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update141:*:*:*:*:*:*",
              "matchCriteriaId": "C4D0E043-D34F-446D-879B-692E3CF500C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update131:*:*:*:*:*:*",
              "matchCriteriaId": "106E9F69-857A-42F8-A727-2650C896D3B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update151:*:*:*:*:*:*",
              "matchCriteriaId": "673DD72C-4FC8-406A-A24A-B06DD709649C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update141:*:*:*:*:*:*",
              "matchCriteriaId": "363C8E7E-2EEA-4308-A141-854B9EC17AAB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update131:*:*:*:*:*:*",
              "matchCriteriaId": "595FC4B7-418E-457C-ADCC-0A49A676D629",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jrockit:r28.3.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B1FE26D-1936-475A-B644-BBB4281FB5C1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:phoenixcontact:fl_mguard_dm:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8556AADE-54E7-4D1B-A5AB-D37EF3B4962E",
              "versionEndIncluding": "1.8.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4F86C3C-B99C-44C6-97D7-163DC3F59687",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "807C024A-F8E8-4B48-A349-4C68CD252CA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5F7E11E-FB34-4467-8919-2B6BEAABF665",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62",
              "versionStartIncluding": "7.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB",
              "versionStartIncluding": "9.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "73F81EC3-4AB0-4CD7-B845-267C5974DE98",
              "versionEndIncluding": "11.70.1",
              "versionStartIncluding": "11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "212E1878-1B9A-4CB4-A1CE-EAD60B867161",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BD81527-A341-42C3-9AB9-880D3DB04B08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "1A79A7B7-2CE9-4F5E-B76D-01A882C66226",
              "versionEndIncluding": "7.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*",
              "matchCriteriaId": "3FA5E22C-489B-4C5F-A5F3-C03F45CA8811",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:7.1:*:*:*:*:vsphere:*:*",
              "matchCriteriaId": "A692982A-DED0-42C8-BC5B-F25314309F4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*",
              "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
              "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "1E35D95E-CCBF-4335-A4DB-02218BA172DE",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:9.6:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "B92F025C-D612-4A64-B138-E6B4B113B504",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "13270F58-E106-48CE-9933-E68AABBBFC21",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "923F6B82-6A8B-4994-89F6-C430775D5234",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "B7B42CB6-3C14-4183-AFA8-C3682F8B54AB",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "2AA40F7F-504D-47A9-9778-EC4CE46EB8BF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en los componentes Java SE, Java SE Embedded y JRockit de Oracle Java SE (subcomponente: Serialization). Las versiones compatibles que se han visto afectadas son JavaSE: 6u151, 7u141 y 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante sin autenticar que tenga acceso a red por medio de m\u00faltiples protocolos comprometa la seguridad de Java SE, Java SE Embedded y JRockit. Los ataques exitosos de esta vulnerabilidad pueden dar lugar a que el atacante consiga provocar una denegaci\u00f3n de servicio parcial (DoS parcial) de Java SE, Java SE Embedded y JRockit. Nota: Esta vulnerabilidad puede ser explotada mediante aplicaciones Java Web Start en sandbox y applets Java en sandbox. Tambi\u00e9n puede ser explotada proporcionando datos a las API en los componentes especificados sin emplear aplicaciones Java Web Start en sandbox o applets Java en sandbox, como a trav\u00e9s de un servicio web. CVSS 3.0 Base Score 5.3 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
    }
  ],
  "id": "CVE-2017-10108",
  "lastModified": "2024-11-21T03:05:23.547",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-08-08T15:29:03.553",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-3919"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-3954"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/bid/99846"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securitytracker.com/id/1038931"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1789"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1790"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1791"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1792"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2424"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2469"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2481"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2530"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3453"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert.vde.com/en-us/advisories/vde-2017-002"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201709-22"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-3919"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-3954"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/bid/99846"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securitytracker.com/id/1038931"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1789"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1790"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1791"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1792"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2424"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2469"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2481"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2530"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3453"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert.vde.com/en-us/advisories/vde-2017-002"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201709-22"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-06-21 15:15
Modified
2024-11-21 07:00
Severity ?
Summary
In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).
References
openssl-security@openssl.orghttps://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdfThird Party Advisory
openssl-security@openssl.orghttps://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2c9c35870601b4a44d86ddbf512b38df38285cfa
openssl-security@openssl.orghttps://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=7a9c027159fe9e1bbc2cd38a8a2914bff0d5abd9
openssl-security@openssl.orghttps://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=9639817dac8bbbaa64d09efad7464ccc405527c7
openssl-security@openssl.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6WZZBKUHQFGSKGNXXKICSRPL7AMVW5M5/
openssl-security@openssl.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/
openssl-security@openssl.orghttps://security.netapp.com/advisory/ntap-20220707-0008/Third Party Advisory
openssl-security@openssl.orghttps://www.debian.org/security/2022/dsa-5169Third Party Advisory
openssl-security@openssl.orghttps://www.openssl.org/news/secadv/20220621.txtVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdfThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2c9c35870601b4a44d86ddbf512b38df38285cfa
af854a3a-2127-422b-91ae-364da2661108https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=7a9c027159fe9e1bbc2cd38a8a2914bff0d5abd9
af854a3a-2127-422b-91ae-364da2661108https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=9639817dac8bbbaa64d09efad7464ccc405527c7
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6WZZBKUHQFGSKGNXXKICSRPL7AMVW5M5/
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20220707-0008/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2022/dsa-5169Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.openssl.org/news/secadv/20220621.txtVendor Advisory



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9B6EB2C-EF9B-44AF-B083-BF59B8107801",
              "versionEndExcluding": "1.0.2zf",
              "versionStartIncluding": "1.0.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EAA5CAF-1DE6-4730-9E07-9E6594A5D6BF",
              "versionEndExcluding": "1.1.1p",
              "versionStartIncluding": "1.1.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4188DBDA-354F-4939-904D-0A9F8A8AB703",
              "versionEndExcluding": "3.0.4",
              "versionStartIncluding": "3.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
              "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:siemens:sinec_ins:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C89891C1-DFD7-4E1F-80A9-7485D86A15B5",
              "versionEndExcluding": "1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:sinec_ins:1.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "4664B195-AF14-4834-82B3-0B2C98020EB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:sinec_ins:1.0:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "75BC588E-CDF0-404E-AD61-02093A1DF343",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:sinec_ins:1.0:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "A334F7B4-7283-4453-BAED-D2E01B7F8A6E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:ontap_antivirus_connector:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "759D1A24-B23B-404E-AD39-F18D7DBAD501",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7CF3019-975D-40BB-A8A4-894E62BD3797",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_smi-s_provider:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "361B791A-D336-4431-8F68-8135BEFFAEA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:smi-s_provider:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BB0FDCF-3750-44C6-AC5C-0CC2AAD14093",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:hyper-v:*:*",
              "matchCriteriaId": "80774A35-B0B8-4F9C-99CA-23849978D158",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "95BA156C-C977-4F0C-8DFB-3FAE9CC8C02D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h615c_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5921A877-18BF-43FE-915C-D226E140ACFC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h615c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7296A1F2-D315-4FD5-8A73-65C480C855BE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD7CFE0E-9D1E-4495-B302-89C3096FC0DF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F63A3FA7-AAED-4A9D-9FDE-6195302DA0F6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h610c_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "89612649-BACF-4FAC-9BA4-324724FD93A6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h610c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3D9B255-C1AF-42D1-BF9B-13642FBDC080",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:fas_8300_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5CDADAB-72A5-4526-8432-E6C9AC56B29F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:fas_8300:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E64576DE-90F0-4F5E-9C82-AB745CFEDBB7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:fas_8700_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF5AFE69-7990-4F80-9E63-D8AD58AA3A2D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:fas_8700:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6415E28A-4EAC-4F7F-BD81-1A55CE8B6F40",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:fas_a400_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAA3A789-79F7-4DC8-9722-3958A3162EB4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:fas_a400:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "18C138F0-706F-44A8-880E-133F66DE164A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:aff_8300_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA79D39A-A5F2-4C44-A805-5113065F8C25",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:aff_8300:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CA55FBD-6EBA-49C8-92BA-2B1BCCB18A3A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:aff_8700_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "70ECC434-DF20-49A6-B4CF-D5CCA480E57D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:aff_8700:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "232DC609-8023-41F9-8CE3-1B31CE2F2D93",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:aff_a400_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "56FD9B9A-BBE5-4CA5-B9F9-B16E1FE738C8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:aff_a400:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3E70A56-DBA8-45C7-8C49-1A036501156F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:broadcom:sannav:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5BAE3DB-F5EE-4AFB-A60E-FE8B809BDE66",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze)."
    },
    {
      "lang": "es",
      "value": "Adem\u00e1s de una inyecci\u00f3n de comandos de shell c_rehash identificada en CVE-2022-1292, se encontraron otras circunstancias en las que el script c_rehash no sanea adecuadamente los metacaracteres de shell para evitar la inyecci\u00f3n de comandos mediante la revisi\u00f3n del c\u00f3digo. Cuando fue corregida la CVE-2022-1292 no ha sido detectado que se presentan otros lugares en el script en los que los nombres de archivo de los certificados a los que es aplicado el hash son pasados posiblemente a un comando ejecutado mediante el shell. Este script es distribuido por algunos sistemas operativos de manera que es ejecutado autom\u00e1ticamente. En dichos sistemas operativos, un atacante podr\u00eda ejecutar comandos arbitrarios con los privilegios del script. El uso del script c_rehash es considerado obsoleto y debe ser sustituido por la herramienta de l\u00ednea de comandos OpenSSL rehash. Corregido en OpenSSL versi\u00f3n 3.0.4 (Afectados 3.0.0,3.0.1,3.0.2,3.0.3). Corregido en OpenSSL versi\u00f3n 1.1.1p (Afectado 1.1.1-1.1.1o). Corregido en OpenSSL versi\u00f3n 1.0.2zf (Afectado 1.0.2-1.0.2ze)"
    }
  ],
  "id": "CVE-2022-2068",
  "lastModified": "2024-11-21T07:00:16.017",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-06-21T15:15:09.060",
  "references": [
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf"
    },
    {
      "source": "openssl-security@openssl.org",
      "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2c9c35870601b4a44d86ddbf512b38df38285cfa"
    },
    {
      "source": "openssl-security@openssl.org",
      "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=7a9c027159fe9e1bbc2cd38a8a2914bff0d5abd9"
    },
    {
      "source": "openssl-security@openssl.org",
      "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=9639817dac8bbbaa64d09efad7464ccc405527c7"
    },
    {
      "source": "openssl-security@openssl.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6WZZBKUHQFGSKGNXXKICSRPL7AMVW5M5/"
    },
    {
      "source": "openssl-security@openssl.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20220707-0008/"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5169"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.openssl.org/news/secadv/20220621.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2c9c35870601b4a44d86ddbf512b38df38285cfa"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=7a9c027159fe9e1bbc2cd38a8a2914bff0d5abd9"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=9639817dac8bbbaa64d09efad7464ccc405527c7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6WZZBKUHQFGSKGNXXKICSRPL7AMVW5M5/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20220707-0008/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5169"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.openssl.org/news/secadv/20220621.txt"
    }
  ],
  "sourceIdentifier": "openssl-security@openssl.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-10-19 17:29
Modified
2024-11-21 03:05
Severity ?
Summary
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).
References
secalert_us@oracle.comhttp://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlPatch, Vendor Advisory
secalert_us@oracle.comhttp://www.securityfocus.com/bid/101319Broken Link
secalert_us@oracle.comhttp://www.securitytracker.com/id/1039596Broken Link
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:2998Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:2999Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3046Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3047Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3264Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3267Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3268Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3392Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3453Third Party Advisory
secalert_us@oracle.comhttps://lists.debian.org/debian-lts-announce/2017/11/msg00033.htmlMailing List, Third Party Advisory
secalert_us@oracle.comhttps://security.gentoo.org/glsa/201710-31Third Party Advisory
secalert_us@oracle.comhttps://security.gentoo.org/glsa/201711-14Third Party Advisory
secalert_us@oracle.comhttps://security.netapp.com/advisory/ntap-20171019-0001/Third Party Advisory
secalert_us@oracle.comhttps://www.debian.org/security/2017/dsa-4015Third Party Advisory
secalert_us@oracle.comhttps://www.debian.org/security/2017/dsa-4048Third Party Advisory
secalert_us@oracle.comhttps://www.synology.com/support/security/Synology_SA_17_66_OpenJDKThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/101319Broken Link
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1039596Broken Link
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2998Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2999Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3046Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3047Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3264Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3267Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3268Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3392Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3453Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2017/11/msg00033.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201710-31Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201711-14Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20171019-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2017/dsa-4015Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2017/dsa-4048Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.synology.com/support/security/Synology_SA_17_66_OpenJDKThird Party Advisory
Impacted products
Vendor Product Version
oracle jdk 1.6.0
oracle jdk 1.7.0
oracle jdk 1.8.0
oracle jdk 1.9.0
oracle jre 1.6.0
oracle jre 1.7.0
oracle jre 1.8.0
oracle jre 1.9.0
debian debian_linux 7.0
debian debian_linux 8.0
debian debian_linux 9.0
redhat satellite 5.8
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_eus 7.4
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_server_tus 7.4
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_worksation 6.0
redhat enterprise_linux_worksation 7.0
netapp active_iq_unified_manager *
netapp active_iq_unified_manager *
netapp cloud_backup -
netapp e-series_santricity_management_plug-ins -
netapp e-series_santricity_os_controller *
netapp e-series_santricity_storage_manager -
netapp e-series_santricity_web_services -
netapp element_software -
netapp oncommand_balance -
netapp oncommand_insight -
netapp oncommand_performance_manager -
netapp oncommand_shift -
netapp oncommand_unified_manager *
netapp oncommand_unified_manager *
netapp oncommand_unified_manager -
netapp oncommand_workflow_automation -
netapp plug-in_for_symantec_netbackup -
netapp snapmanager -
netapp snapmanager -
netapp steelstore_cloud_integrated_storage -
netapp storage_replication_adapter_for_clustered_data_ontap *
netapp storage_replication_adapter_for_clustered_data_ontap *
netapp vasa_provider_for_clustered_data_ontap *
netapp vasa_provider_for_clustered_data_ontap 6.0.
netapp virtual_storage_console *
netapp virtual_storage_console 6.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update161:*:*:*:*:*:*",
              "matchCriteriaId": "7037AEF9-403D-43EC-ABBB-B46619241586",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update151:*:*:*:*:*:*",
              "matchCriteriaId": "B781F1F7-DE18-41F7-83C1-8690B0884DDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update144:*:*:*:*:*:*",
              "matchCriteriaId": "6D36F2A6-1329-4D74-BADC-C22D46CF7CFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "270968EC-7662-41E1-BA9B-D259BEC53A1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update161:*:*:*:*:*:*",
              "matchCriteriaId": "D53D6C3C-C8F3-4FF4-AE9C-1BFF14E74EDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update151:*:*:*:*:*:*",
              "matchCriteriaId": "71219100-B476-4062-A40A-13F1B8C7DAED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update144:*:*:*:*:*:*",
              "matchCriteriaId": "FCC055BA-0D21-4D2B-AC9B-B81B8468860C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "66910F84-DDFD-4BA8-BE7F-44EB5E3F9C3D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4F86C3C-B99C-44C6-97D7-163DC3F59687",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5F7E11E-FB34-4467-8919-2B6BEAABF665",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_worksation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "403EECF4-3047-4BBE-90A5-DD2F2E4802D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_worksation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A09953EF-7E14-4200-9C77-002841927CB1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62",
              "versionStartIncluding": "7.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB",
              "versionStartIncluding": "9.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_management_plug-ins:-:*:*:*:*:vmware_vcenter:*:*",
              "matchCriteriaId": "280520BC-070C-4423-A633-E6FE45E53D57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "73F81EC3-4AB0-4CD7-B845-267C5974DE98",
              "versionEndIncluding": "11.70.1",
              "versionStartIncluding": "11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
              "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "698C6261-679D-45C1-A396-57AC96AD64D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BD81527-A341-42C3-9AB9-880D3DB04B08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*",
              "matchCriteriaId": "E32A4C2E-3DA6-4BE5-9D95-9F800B01ED9A",
              "versionEndIncluding": "7.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "1A79A7B7-2CE9-4F5E-B76D-01A882C66226",
              "versionEndIncluding": "7.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*",
              "matchCriteriaId": "3FA5E22C-489B-4C5F-A5F3-C03F45CA8811",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*",
              "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
              "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "6BF60DAD-DAA2-4543-B82E-8E17F7B1DA06",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "1E35D95E-CCBF-4335-A4DB-02218BA172DE",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "13270F58-E106-48CE-9933-E68AABBBFC21",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0.:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CAA19EC-9A21-4084-A914-CF12171F940A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "B7B42CB6-3C14-4183-AFA8-C3682F8B54AB",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "2AA40F7F-504D-47A9-9778-EC4CE46EB8BF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en los componentes Java SE y Java SE Embedded de Oracle Java SE (subcomponente: RMI). Las versiones compatibles que se han visto afectadas son Java SE: 6u161, 7u151, 8u144 y 9; Java SE Embedded: 8u144. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante sin autenticar que tenga acceso a red por medio de m\u00faltiples protocolos comprometa la seguridad de Java SE y Java SE Embedded. Para que los ataques tengan \u00e9xito, se necesita la participaci\u00f3n de otra persona diferente del atacante y, aunque la vulnerabilidad est\u00e1 presente en Java SE y Java SE Embedded, los ataques podr\u00edan afectar seriamente a productos adicionales. Los ataques exitosos a esta vulnerabilidad pueden resultar en la toma de control de Java SE y Java SE Embedded. Nota: Esta vulnerabilidad se aplica a implementaciones Java, normalmente en clientes que ejecutan aplicaciones Java Web Start en sandbox o applets Java en sandbox que cargan y ejecutan c\u00f3digo que no es de confianza (por ejemplo, c\u00f3digo proveniente de internet) y que conf\u00edan en la sandbox de aislado Java para protegerse. Esta vulnerabilidad no se aplica a implementaciones Java, normalmente en servidores, que solo cargan y ejecutan c\u00f3digo de confianza (por ejemplo, c\u00f3digo instalado por un administrador). CVSS 3.0 Base Score 9.6 (impactos en la confidencialidad, integridad y disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)."
    }
  ],
  "id": "CVE-2017-10285",
  "lastModified": "2024-11-21T03:05:50.107",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.6,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 6.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-10-19T17:29:02.217",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/bid/101319"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securitytracker.com/id/1039596"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2998"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2999"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3046"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3047"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3264"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3267"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3268"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3392"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3453"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201710-31"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201711-14"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20171019-0001/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2017/dsa-4015"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2017/dsa-4048"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.synology.com/support/security/Synology_SA_17_66_OpenJDK"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/bid/101319"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securitytracker.com/id/1039596"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2998"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2999"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3046"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3047"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3264"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3267"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3268"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3392"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3453"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201710-31"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201711-14"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20171019-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2017/dsa-4015"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2017/dsa-4048"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.synology.com/support/security/Synology_SA_17_66_OpenJDK"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-08-08 20:15
Modified
2024-11-21 06:16
Summary
fs/nfsd/trace.h in the Linux kernel before 5.13.4 might allow remote attackers to cause a denial of service (out-of-bounds read in strlen) by sending NFS traffic when the trace event framework is being used for nfsd.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C85356F-2C6C-4FB9-B0CA-949711182223",
              "versionEndExcluding": "5.13.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:hci_bootstrap_os:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C767AA1-88B7-48F0-9F31-A89D16DCD52C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "02DEB4FB-A21D-4CB1-B522-EEE5093E8521",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "fs/nfsd/trace.h in the Linux kernel before 5.13.4 might allow remote attackers to cause a denial of service (out-of-bounds read in strlen) by sending NFS traffic when the trace event framework is being used for nfsd."
    },
    {
      "lang": "es",
      "value": "El archivo fs/nfsd/trace.h en el kernel de Linux versiones anteriores a 5.13.4, podr\u00eda permitir a atacantes remotos causar una denegaci\u00f3n de servicio (lectura fuera de los l\u00edmites en strlen) mediante el env\u00edo de tr\u00e1fico NFS cuando el marco de eventos de rastreo se est\u00e1 usando para nfsd"
    }
  ],
  "id": "CVE-2021-38202",
  "lastModified": "2024-11-21T06:16:38.897",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-08-08T20:15:07.180",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/torvalds/linux/commit/7b08cf62b1239a4322427d677ea9363f0ab677c6"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20210902-0010/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/torvalds/linux/commit/7b08cf62b1239a4322427d677ea9363f0ab677c6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20210902-0010/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-01-14 22:29
Modified
2024-11-21 03:53
Summary
It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. Versions before v237 are vulnerable.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FFE2618-BA1B-4FAB-8449-83CAAFCDCFAA",
              "versionEndExcluding": "237",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_performance_analytics_services:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "83077160-BB98-408B-81F0-8EF9E566BF28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. Versions before v237 are vulnerable."
    },
    {
      "lang": "es",
      "value": "Se ha descubierto que systemd no comprueba correctamente el contenido de archivos PIDFile antes de emplearlo para terminar procesos. Cuando un servicio se ejecuta desde un usuario sin privilegios (p.ej. un campo de usuario establecido en el archivo de servicio) un atacante local capaz de escribir en el archivo PIDFile del servicio mencionado podr\u00eda aprovechar este fallo para enga\u00f1ar a systemd para que termine otros servicios y/o procesos privilegiados. Las versiones anteriores a la v237 son vulnerables."
    }
  ],
  "id": "CVE-2018-16888",
  "lastModified": "2024-11-21T03:53:32.423",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 1.9,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 4.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 3.6,
        "source": "secalert@redhat.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 4.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.0,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-01-14T22:29:00.233",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:2091"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16888"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.apache.org/thread.html/5960a34a524848cd722fd7ab7e2227eac10107b0f90d9d1e9c3caa74%40%3Cuser.cassandra.apache.org%3E"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20190307-0007/"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4269-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:2091"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16888"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/5960a34a524848cd722fd7ab7e2227eac10107b0f90d9d1e9c3caa74%40%3Cuser.cassandra.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20190307-0007/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4269-1/"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-250"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-269"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-08-08 15:29
Modified
2024-11-21 03:05
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N).
References
secalert_us@oracle.comhttp://www.debian.org/security/2017/dsa-3919Third Party Advisory
secalert_us@oracle.comhttp://www.debian.org/security/2017/dsa-3954Third Party Advisory
secalert_us@oracle.comhttp://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlPatch, Vendor Advisory
secalert_us@oracle.comhttp://www.securityfocus.com/bid/99818Broken Link
secalert_us@oracle.comhttp://www.securitytracker.com/id/1038931Broken Link
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:1789Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:1790Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:1791Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:1792Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3392Third Party Advisory
secalert_us@oracle.comhttps://cert.vde.com/en-us/advisories/vde-2017-002Third Party Advisory
secalert_us@oracle.comhttps://security.gentoo.org/glsa/201709-22Third Party Advisory
secalert_us@oracle.comhttps://security.netapp.com/advisory/ntap-20170720-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2017/dsa-3919Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2017/dsa-3954Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/99818Broken Link
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1038931Broken Link
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1789Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1790Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1791Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1792Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3392Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://cert.vde.com/en-us/advisories/vde-2017-002Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201709-22Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20170720-0001/Third Party Advisory
Impacted products
Vendor Product Version
oracle jdk 1.6.0
oracle jdk 1.7.0
oracle jdk 1.8.0
oracle jre 1.6.0
oracle jre 1.7.0
oracle jre 1.8.0
oracle jrockit r28.3.14
phoenixcontact fl_mguard_dm *
debian debian_linux 8.0
debian debian_linux 9.0
netapp active_iq_unified_manager *
netapp active_iq_unified_manager *
netapp cloud_backup -
netapp e-series_santricity_os_controller *
netapp e-series_santricity_storage_manager -
netapp element_software -
netapp oncommand_balance -
netapp oncommand_insight -
netapp oncommand_performance_manager -
netapp oncommand_shift -
netapp oncommand_unified_manager *
netapp oncommand_unified_manager *
netapp oncommand_unified_manager -
netapp plug-in_for_symantec_netbackup -
netapp snapmanager -
netapp snapmanager -
netapp steelstore_cloud_integrated_storage -
netapp storage_replication_adapter_for_clustered_data_ontap *
netapp storage_replication_adapter_for_clustered_data_ontap 9.6
netapp vasa_provider_for_clustered_data_ontap *
netapp vasa_provider_for_clustered_data_ontap 6.0
netapp virtual_storage_console *
netapp virtual_storage_console -
netapp virtual_storage_console 6.0
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_eus 7.3
redhat enterprise_linux_eus 7.4
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_aus 7.3
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_server_tus 7.3
redhat enterprise_linux_server_tus 7.4
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_workstation 7.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update151:*:*:*:*:*:*",
              "matchCriteriaId": "A3322D72-6B56-467E-90E5-5DCE0FA1F431",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update141:*:*:*:*:*:*",
              "matchCriteriaId": "C4D0E043-D34F-446D-879B-692E3CF500C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update131:*:*:*:*:*:*",
              "matchCriteriaId": "106E9F69-857A-42F8-A727-2650C896D3B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update151:*:*:*:*:*:*",
              "matchCriteriaId": "673DD72C-4FC8-406A-A24A-B06DD709649C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update141:*:*:*:*:*:*",
              "matchCriteriaId": "363C8E7E-2EEA-4308-A141-854B9EC17AAB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update131:*:*:*:*:*:*",
              "matchCriteriaId": "595FC4B7-418E-457C-ADCC-0A49A676D629",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jrockit:r28.3.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B1FE26D-1936-475A-B644-BBB4281FB5C1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:phoenixcontact:fl_mguard_dm:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8556AADE-54E7-4D1B-A5AB-D37EF3B4962E",
              "versionEndIncluding": "1.8.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62",
              "versionStartIncluding": "7.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB",
              "versionStartIncluding": "9.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "73F81EC3-4AB0-4CD7-B845-267C5974DE98",
              "versionEndIncluding": "11.70.1",
              "versionStartIncluding": "11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "698C6261-679D-45C1-A396-57AC96AD64D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BD81527-A341-42C3-9AB9-880D3DB04B08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*",
              "matchCriteriaId": "E32A4C2E-3DA6-4BE5-9D95-9F800B01ED9A",
              "versionEndIncluding": "7.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "1A79A7B7-2CE9-4F5E-B76D-01A882C66226",
              "versionEndIncluding": "7.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*",
              "matchCriteriaId": "3FA5E22C-489B-4C5F-A5F3-C03F45CA8811",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*",
              "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
              "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "1E35D95E-CCBF-4335-A4DB-02218BA172DE",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:9.6:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "B92F025C-D612-4A64-B138-E6B4B113B504",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "13270F58-E106-48CE-9933-E68AABBBFC21",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "923F6B82-6A8B-4994-89F6-C430775D5234",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "B7B42CB6-3C14-4183-AFA8-C3682F8B54AB",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:virtual_storage_console:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "D8236A99-A6FC-4C71-A506-55B48FCD3A44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2EAA5561-CA42-457A-B63E-96A79258758B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "807C024A-F8E8-4B48-A349-4C68CD252CA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5F7E11E-FB34-4467-8919-2B6BEAABF665",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en los componentes Java SE, Java SE Embedded y JRockit de Oracle Java SE (subcomponente: Security). Las versiones compatibles que se han visto afectadas son JavaSE: 6u151, 7u141 y 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Una vulnerabilidad dif\u00edcilmente explotable permite que un atacante sin autenticar que tenga acceso a red por m\u00faltiples protocolos comprometa la seguridad de Java SE, Java SE Embedded y JRockit. Aunque la vulnerabilidad est\u00e1 presente en Java SE, Java SE Embedded y JRockit, los ataques podr\u00edan afectar seriamente a productos adicionales. Los ataques exitosos a esta vulnerabilidad pueden resultar en un acceso no autorizado a datos de suma importancia o un acceso completo a todos los datos accesibles de Java SE, Java SE Embedded y JRockit. Nota: Esta vulnerabilidad puede ser explotada mediante aplicaciones Java Web Start en sandbox y applets Java en sandbox. Tambi\u00e9n puede ser explotada proporcionando datos a las API en los componentes especificados sin emplear aplicaciones Java Web Start o applets Java en sandbox, como a trav\u00e9s de un servicio web. CVSS 3.0 Base Score 6.8 (impactos en la confidencialidad). Vector CVSS: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)."
    }
  ],
  "id": "CVE-2017-10198",
  "lastModified": "2024-11-21T03:05:36.940",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 4.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-08-08T15:29:05.837",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-3919"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-3954"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/bid/99818"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securitytracker.com/id/1038931"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1789"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1790"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1791"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1792"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3392"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert.vde.com/en-us/advisories/vde-2017-002"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201709-22"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-3919"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-3954"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/bid/99818"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securitytracker.com/id/1038931"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1789"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1790"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1791"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1792"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3392"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert.vde.com/en-us/advisories/vde-2017-002"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201709-22"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-07-07 13:15
Modified
2024-11-21 07:05
Severity ?
Summary
When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended.
References
support@hackerone.comhttp://seclists.org/fulldisclosure/2022/Oct/28Mailing List, Third Party Advisory
support@hackerone.comhttp://seclists.org/fulldisclosure/2022/Oct/41Mailing List, Third Party Advisory
support@hackerone.comhttps://hackerone.com/reports/1573634Exploit, Third Party Advisory
support@hackerone.comhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/Mailing List, Third Party Advisory
support@hackerone.comhttps://security.gentoo.org/glsa/202212-01Third Party Advisory
support@hackerone.comhttps://security.netapp.com/advisory/ntap-20220915-0003/Third Party Advisory
support@hackerone.comhttps://support.apple.com/kb/HT213488Third Party Advisory
support@hackerone.comhttps://www.debian.org/security/2022/dsa-5197Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2022/Oct/28Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2022/Oct/41Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://hackerone.com/reports/1573634Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/202212-01Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20220915-0003/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.apple.com/kb/HT213488Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2022/dsa-5197Third Party Advisory



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6ECDBA5-3DD5-4F58-9E05-14A4C7A4E44B",
              "versionEndExcluding": "7.84.0",
              "versionStartIncluding": "7.69.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
              "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FE996B1-6951-4F85-AA58-B99A379D2163",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "95BA156C-C977-4F0C-8DFB-3FAE9CC8C02D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "71E032AD-F827-4944-9699-BB1E6D4233FC",
              "versionEndExcluding": "13.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5722E753-75DE-4944-A11B-556CB299B57D",
              "versionEndExcluding": "8.2.12",
              "versionStartIncluding": "8.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC0F9351-81A4-4FEA-B6B5-6E960A933D32",
              "versionEndExcluding": "9.0.6",
              "versionStartIncluding": "9.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EED24E67-2957-4C1B-8FEA-E2D2FE7B97FC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "When curl \u003c 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended."
    },
    {
      "lang": "es",
      "value": "Cuando curl versiones anteriores a 7.84.0, guarda datos de cookies, alt-svc y hsts en archivos locales, hace que la operaci\u00f3n sea at\u00f3mica al finalizar la operaci\u00f3n con un renombramiento de un nombre temporal al nombre final del archivo de destino. En esa operaci\u00f3n de renombramiento, podr\u00eda accidentalmente *ampliar* los permisos del archivo de destino, dejando el archivo actualizado accesible a m\u00e1s usuarios de los previstos"
    }
  ],
  "id": "CVE-2022-32207",
  "lastModified": "2024-11-21T07:05:55.320",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-07-07T13:15:08.403",
  "references": [
    {
      "source": "support@hackerone.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2022/Oct/28"
    },
    {
      "source": "support@hackerone.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2022/Oct/41"
    },
    {
      "source": "support@hackerone.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://hackerone.com/reports/1573634"
    },
    {
      "source": "support@hackerone.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/"
    },
    {
      "source": "support@hackerone.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202212-01"
    },
    {
      "source": "support@hackerone.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20220915-0003/"
    },
    {
      "source": "support@hackerone.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.apple.com/kb/HT213488"
    },
    {
      "source": "support@hackerone.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5197"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2022/Oct/28"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2022/Oct/41"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://hackerone.com/reports/1573634"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202212-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20220915-0003/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.apple.com/kb/HT213488"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5197"
    }
  ],
  "sourceIdentifier": "support@hackerone.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-840"
        }
      ],
      "source": "support@hackerone.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-276"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-05-18 18:15
Modified
2024-11-21 05:00
Summary
gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux kernel 3.16 through 5.6.13 relies on kstrdup without considering the possibility of an internal '\0' value, which allows attackers to trigger an out-of-bounds read, aka CID-15753588bcd4.
References
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.htmlMailing List, Third Party Advisory
cve@mitre.orghttps://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=d126cf46f829d146dde3e6a8963e095ac6cfcd1cMailing List, Patch, Vendor Advisory
cve@mitre.orghttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=15753588bcd4bbffae1cca33c8ced5722477fe1fPatch, Vendor Advisory
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2020/06/msg00011.htmlMailing List, Third Party Advisory
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2020/06/msg00012.htmlMailing List, Third Party Advisory
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2020/06/msg00013.htmlMailing List, Third Party Advisory
cve@mitre.orghttps://security.netapp.com/advisory/ntap-20200608-0001/Third Party Advisory
cve@mitre.orghttps://usn.ubuntu.com/4411-1/Third Party Advisory
cve@mitre.orghttps://usn.ubuntu.com/4412-1/Third Party Advisory
cve@mitre.orghttps://usn.ubuntu.com/4413-1/Third Party Advisory
cve@mitre.orghttps://usn.ubuntu.com/4414-1/Third Party Advisory
cve@mitre.orghttps://usn.ubuntu.com/4419-1/Third Party Advisory
cve@mitre.orghttps://www.debian.org/security/2020/dsa-4698Third Party Advisory
cve@mitre.orghttps://www.debian.org/security/2020/dsa-4699Third Party Advisory
cve@mitre.orghttps://www.spinics.net/lists/linux-usb/msg194331.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=d126cf46f829d146dde3e6a8963e095ac6cfcd1cMailing List, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=15753588bcd4bbffae1cca33c8ced5722477fe1fPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2020/06/msg00011.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2020/06/msg00012.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2020/06/msg00013.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20200608-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/4411-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/4412-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/4413-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/4414-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/4419-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2020/dsa-4698Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2020/dsa-4699Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.spinics.net/lists/linux-usb/msg194331.htmlThird Party Advisory



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4679B03-664B-40B0-91D8-597E13ED6B42",
              "versionEndIncluding": "5.6.13",
              "versionStartIncluding": "3.16",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB9B8171-F6CA-427D-81E0-6536D3BBFA8D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "090AA6F4-4404-4E26-82AB-C3A22636F276",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "95BA156C-C977-4F0C-8DFB-3FAE9CC8C02D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:a700s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDD92BFA-9117-4E6E-A13F-ED064B4B7284",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:a700s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B7DA42F-5D64-4967-A2D4-6210FE507841",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "108A2215-50FB-4074-94CF-C130FA14566D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AFC73CE-ABB9-42D3-9A71-3F5BC5381E0E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "32F0B6C0-F930-480D-962B-3F4EFDCC13C7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "803BC414-B250-4E3A-A478-A3881340D6B8",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FEB3337-BFDE-462A-908B-176F92053CEC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "736AEAE9-782B-4F71-9893-DED53367E102",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h610c_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "89612649-BACF-4FAC-9BA4-324724FD93A6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h610c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3D9B255-C1AF-42D1-BF9B-13642FBDC080",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD7CFE0E-9D1E-4495-B302-89C3096FC0DF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F63A3FA7-AAED-4A9D-9FDE-6195302DA0F6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h615c_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5921A877-18BF-43FE-915C-D226E140ACFC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h615c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7296A1F2-D315-4FD5-8A73-65C480C855BE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux kernel 3.16 through 5.6.13 relies on kstrdup without considering the possibility of an internal \u0027\\0\u0027 value, which allows attackers to trigger an out-of-bounds read, aka CID-15753588bcd4."
    },
    {
      "lang": "es",
      "value": "En la funci\u00f3n gadget_dev_desc_UDC_store en el archivo drivers/usb/gadget/configfs.c en el kernel de Linux versi\u00f3n 3.16 hasta la versi\u00f3n 5.6.13, se basa en kstrdup sin considerar la posibilidad de un valor \"\\0\" interno, lo que permite a atacantes desencadenar una lectura fuera de l\u00edmites, tambi\u00e9n se conoce como CID-15753588bcd4"
    }
  ],
  "id": "CVE-2020-13143",
  "lastModified": "2024-11-21T05:00:44.170",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-05-18T18:15:11.347",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=d126cf46f829d146dde3e6a8963e095ac6cfcd1c"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=15753588bcd4bbffae1cca33c8ced5722477fe1f"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4411-1/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4412-1/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4413-1/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4414-1/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4419-1/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4698"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4699"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.spinics.net/lists/linux-usb/msg194331.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=d126cf46f829d146dde3e6a8963e095ac6cfcd1c"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=15753588bcd4bbffae1cca33c8ced5722477fe1f"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4411-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4412-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4413-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4414-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4419-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4698"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4699"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.spinics.net/lists/linux-usb/msg194331.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-08-08 15:29
Modified
2024-11-21 03:05
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
References
secalert_us@oracle.comhttp://www.debian.org/security/2017/dsa-3919Third Party Advisory
secalert_us@oracle.comhttp://www.debian.org/security/2017/dsa-3954Third Party Advisory
secalert_us@oracle.comhttp://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlPatch, Vendor Advisory
secalert_us@oracle.comhttp://www.securityfocus.com/bid/99734Broken Link
secalert_us@oracle.comhttp://www.securitytracker.com/id/1038931Broken Link
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:1789Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:1790Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:1791Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:1792Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:2424Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:2469Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:2481Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:2530Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3453Third Party Advisory
secalert_us@oracle.comhttps://cert.vde.com/en-us/advisories/vde-2017-002Third Party Advisory
secalert_us@oracle.comhttps://security.gentoo.org/glsa/201709-22Third Party Advisory
secalert_us@oracle.comhttps://security.netapp.com/advisory/ntap-20170720-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2017/dsa-3919Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2017/dsa-3954Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/99734Broken Link
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1038931Broken Link
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1789Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1790Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1791Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1792Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2424Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2469Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2481Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2530Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3453Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://cert.vde.com/en-us/advisories/vde-2017-002Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201709-22Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20170720-0001/Third Party Advisory
Impacted products
Vendor Product Version
oracle jdk 1.6.0
oracle jdk 1.7.0
oracle jdk 1.8.0
oracle jre 1.6.0
oracle jre 1.7.0
oracle jre 1.8.0
oracle jrockit r28.3.14
phoenixcontact fl_mguard_dm 1.8.0
debian debian_linux 8.0
debian debian_linux 9.0
redhat satellite 5.8
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_eus 7.3
redhat enterprise_linux_eus 7.4
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_aus 7.3
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_server_tus 7.3
redhat enterprise_linux_server_tus 7.4
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_workstation 7.0
netapp active_iq_unified_manager *
netapp active_iq_unified_manager *
netapp cloud_backup -
netapp e-series_santricity_os_controller *
netapp e-series_santricity_storage_manager -
netapp element_software -
netapp oncommand_balance -
netapp oncommand_insight -
netapp oncommand_performance_manager -
netapp oncommand_shift -
netapp oncommand_unified_manager *
netapp oncommand_unified_manager *
netapp oncommand_unified_manager -
netapp plug-in_for_symantec_netbackup -
netapp snapmanager -
netapp snapmanager -
netapp steelstore_cloud_integrated_storage -
netapp storage_replication_adapter_for_clustered_data_ontap *
netapp storage_replication_adapter_for_clustered_data_ontap 9.6
netapp vasa_provider_for_clustered_data_ontap *
netapp vasa_provider_for_clustered_data_ontap 6.0
netapp virtual_storage_console *
netapp virtual_storage_console 6.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update151:*:*:*:*:*:*",
              "matchCriteriaId": "A3322D72-6B56-467E-90E5-5DCE0FA1F431",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update141:*:*:*:*:*:*",
              "matchCriteriaId": "C4D0E043-D34F-446D-879B-692E3CF500C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update131:*:*:*:*:*:*",
              "matchCriteriaId": "106E9F69-857A-42F8-A727-2650C896D3B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update151:*:*:*:*:*:*",
              "matchCriteriaId": "673DD72C-4FC8-406A-A24A-B06DD709649C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update141:*:*:*:*:*:*",
              "matchCriteriaId": "363C8E7E-2EEA-4308-A141-854B9EC17AAB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update131:*:*:*:*:*:*",
              "matchCriteriaId": "595FC4B7-418E-457C-ADCC-0A49A676D629",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jrockit:r28.3.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B1FE26D-1936-475A-B644-BBB4281FB5C1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:phoenixcontact:fl_mguard_dm:1.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DA4F304-3992-42BA-ABB5-5E3A7A066A42",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4F86C3C-B99C-44C6-97D7-163DC3F59687",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "807C024A-F8E8-4B48-A349-4C68CD252CA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5F7E11E-FB34-4467-8919-2B6BEAABF665",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62",
              "versionStartIncluding": "7.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB",
              "versionStartIncluding": "9.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "73F81EC3-4AB0-4CD7-B845-267C5974DE98",
              "versionEndIncluding": "11.70.1",
              "versionStartIncluding": "11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "698C6261-679D-45C1-A396-57AC96AD64D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BD81527-A341-42C3-9AB9-880D3DB04B08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*",
              "matchCriteriaId": "E32A4C2E-3DA6-4BE5-9D95-9F800B01ED9A",
              "versionEndIncluding": "7.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "1A79A7B7-2CE9-4F5E-B76D-01A882C66226",
              "versionEndIncluding": "7.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*",
              "matchCriteriaId": "3FA5E22C-489B-4C5F-A5F3-C03F45CA8811",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*",
              "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
              "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "1E35D95E-CCBF-4335-A4DB-02218BA172DE",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:9.6:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "B92F025C-D612-4A64-B138-E6B4B113B504",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "13270F58-E106-48CE-9933-E68AABBBFC21",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "923F6B82-6A8B-4994-89F6-C430775D5234",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "B7B42CB6-3C14-4183-AFA8-C3682F8B54AB",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "2AA40F7F-504D-47A9-9778-EC4CE46EB8BF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en los componentes Java SE, Java SE Embedded y JRockit de Oracle Java SE (subcomponente: Security). Las versiones compatibles que se han visto afectadas son JavaSE: 6u151, 7u141 y 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Una vulnerabilidad dif\u00edcilmente explotable permite que un atacante sin autenticar que tenga acceso a red por medio de m\u00faltiples protocolos comprometa la seguridad de Java SE, Java SE Embedded y JRockit. Para que los ataques tengan \u00e9xito, se necesita la participaci\u00f3n de otra persona diferente del atacante y, aunque la vulnerabilidad est\u00e1 presente en Java SE, Java SE Embedded y JRockit, los ataques podr\u00edan afectar seriamente a productos adicionales. Los ataques exitosos a esta vulnerabilidad pueden resultar en la toma de control de Java SE, Java SE Embedded y JRockit. Nota: Esta vulnerabilidad puede ser explotada mediante aplicaciones Java Web Start en sandbox y applets Java en sandbox. Tambi\u00e9n puede ser explotada proporcionando datos a las API en los componentes especificados sin emplear aplicaciones Java Web Start en sandbox o applets Java en sandbox, como a trav\u00e9s de un servicio web. CVSS 3.0 Base Score 8.3 (impactos en la confidencialidad, integridad y disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)."
    }
  ],
  "id": "CVE-2017-10116",
  "lastModified": "2024-11-21T03:05:25.050",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.3,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 6.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-08-08T15:29:03.820",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-3919"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-3954"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/bid/99734"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securitytracker.com/id/1038931"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1789"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1790"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1791"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1792"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2424"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2469"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2481"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2530"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3453"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert.vde.com/en-us/advisories/vde-2017-002"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201709-22"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-3919"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-3954"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/bid/99734"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securitytracker.com/id/1038931"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1789"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1790"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1791"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1792"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2424"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2469"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2481"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2530"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3453"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert.vde.com/en-us/advisories/vde-2017-002"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201709-22"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-08-08 15:29
Modified
2024-11-21 03:05
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
References
secalert_us@oracle.comhttp://www.debian.org/security/2017/dsa-3919Third Party Advisory
secalert_us@oracle.comhttp://www.debian.org/security/2017/dsa-3954Third Party Advisory
secalert_us@oracle.comhttp://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlPatch, Vendor Advisory
secalert_us@oracle.comhttp://www.securityfocus.com/bid/99774Broken Link
secalert_us@oracle.comhttp://www.securitytracker.com/id/1038931Broken Link
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:1789Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:1790Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:1791Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:1792Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:2424Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:2469Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:2481Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:2530Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3453Third Party Advisory
secalert_us@oracle.comhttps://cert.vde.com/en-us/advisories/vde-2017-002Third Party Advisory
secalert_us@oracle.comhttps://security.gentoo.org/glsa/201709-22Third Party Advisory
secalert_us@oracle.comhttps://security.netapp.com/advisory/ntap-20170720-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2017/dsa-3919Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2017/dsa-3954Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/99774Broken Link
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1038931Broken Link
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1789Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1790Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1791Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1792Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2424Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2469Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2481Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2530Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3453Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://cert.vde.com/en-us/advisories/vde-2017-002Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201709-22Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20170720-0001/Third Party Advisory
Impacted products
Vendor Product Version
oracle jdk 1.6.0
oracle jdk 1.7.0
oracle jdk 1.8.0
oracle jre 1.6.0
oracle jre 1.7.0
oracle jre 1.8.0
oracle jrockit r28.3.14
debian debian_linux 8.0
debian debian_linux 9.0
phoenixcontact fl_mguard_dm *
redhat satellite 5.8
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_eus 7.3
redhat enterprise_linux_eus 7.4
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_aus 7.3
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_server_tus 7.3
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_workstation 7.0
netapp active_iq_unified_manager *
netapp active_iq_unified_manager *
netapp cloud_backup -
netapp e-series_santricity_os_controller *
netapp e-series_santricity_storage_manager -
netapp element_software -
netapp oncommand_balance -
netapp oncommand_insight -
netapp oncommand_performance_manager -
netapp oncommand_shift -
netapp oncommand_unified_manager *
netapp oncommand_unified_manager *
netapp oncommand_unified_manager -
netapp plug-in_for_symantec_netbackup -
netapp snapmanager -
netapp snapmanager -
netapp steelstore_cloud_integrated_storage -
netapp storage_replication_adapter_for_clustered_data_ontap *
netapp storage_replication_adapter_for_clustered_data_ontap 9.6
netapp vasa_provider_for_clustered_data_ontap *
netapp vasa_provider_for_clustered_data_ontap 6.0
netapp virtual_storage_console *
netapp virtual_storage_console 6.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update151:*:*:*:*:*:*",
              "matchCriteriaId": "A3322D72-6B56-467E-90E5-5DCE0FA1F431",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update141:*:*:*:*:*:*",
              "matchCriteriaId": "C4D0E043-D34F-446D-879B-692E3CF500C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update131:*:*:*:*:*:*",
              "matchCriteriaId": "106E9F69-857A-42F8-A727-2650C896D3B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update151:*:*:*:*:*:*",
              "matchCriteriaId": "673DD72C-4FC8-406A-A24A-B06DD709649C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update141:*:*:*:*:*:*",
              "matchCriteriaId": "363C8E7E-2EEA-4308-A141-854B9EC17AAB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update131:*:*:*:*:*:*",
              "matchCriteriaId": "595FC4B7-418E-457C-ADCC-0A49A676D629",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jrockit:r28.3.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B1FE26D-1936-475A-B644-BBB4281FB5C1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:phoenixcontact:fl_mguard_dm:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8556AADE-54E7-4D1B-A5AB-D37EF3B4962E",
              "versionEndIncluding": "1.8.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4F86C3C-B99C-44C6-97D7-163DC3F59687",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "807C024A-F8E8-4B48-A349-4C68CD252CA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62",
              "versionStartIncluding": "7.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB",
              "versionStartIncluding": "9.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "73F81EC3-4AB0-4CD7-B845-267C5974DE98",
              "versionEndIncluding": "11.70.1",
              "versionStartIncluding": "11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "698C6261-679D-45C1-A396-57AC96AD64D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BD81527-A341-42C3-9AB9-880D3DB04B08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*",
              "matchCriteriaId": "E32A4C2E-3DA6-4BE5-9D95-9F800B01ED9A",
              "versionEndIncluding": "7.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "1A79A7B7-2CE9-4F5E-B76D-01A882C66226",
              "versionEndIncluding": "7.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*",
              "matchCriteriaId": "3FA5E22C-489B-4C5F-A5F3-C03F45CA8811",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*",
              "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
              "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "1E35D95E-CCBF-4335-A4DB-02218BA172DE",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:9.6:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "B92F025C-D612-4A64-B138-E6B4B113B504",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "13270F58-E106-48CE-9933-E68AABBBFC21",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "923F6B82-6A8B-4994-89F6-C430775D5234",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "B7B42CB6-3C14-4183-AFA8-C3682F8B54AB",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "2AA40F7F-504D-47A9-9778-EC4CE46EB8BF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en los componentes Java SE, Java SE Embedded y JRockit de Oracle Java SE (subcomponente: JCE). Las versiones compatibles que se han visto afectadas son JavaSE: 6u151, 7u141 y 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante sin autenticar que tenga acceso a red por medio de m\u00faltiples protocolos comprometa la seguridad de Java SE, Java SE Embedded y JRockit. Los ataques exitosos a esta vulnerabilidad pueden resultar en un acceso no autorizado a datos de suma importancia o un acceso completo a todos los datos accesibles de Java SE, Java SE Embedded y JRockit. Nota: Esta vulnerabilidad puede ser explotada mediante aplicaciones Java Web Start en sandbox y applets Java en sandbox. Tambi\u00e9n puede ser explotada proporcionando datos a las API en los componentes especificados sin emplear aplicaciones Java Web Start en sandbox o applets Java en sandbox, como a trav\u00e9s de un servicio web. CVSS 3.0 Base Score 7.5 (impactos en la confidencialidad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)."
    }
  ],
  "id": "CVE-2017-10115",
  "lastModified": "2024-11-21T03:05:24.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-08-08T15:29:03.773",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-3919"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-3954"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/bid/99774"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securitytracker.com/id/1038931"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1789"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1790"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1791"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1792"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2424"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2469"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2481"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2530"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3453"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert.vde.com/en-us/advisories/vde-2017-002"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201709-22"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-3919"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-3954"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/bid/99774"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securitytracker.com/id/1038931"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1789"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1790"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1791"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1792"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2424"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2469"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2481"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2530"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3453"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert.vde.com/en-us/advisories/vde-2017-002"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201709-22"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-04-29 13:15
Modified
2024-11-21 04:58
Summary
In the Linux kernel 4.19 through 5.6.7 on the s390 platform, code execution may occur because of a race condition, as demonstrated by code in enable_sacf_uaccess in arch/s390/lib/uaccess.c that fails to protect against a concurrent page table upgrade, aka CID-3f777e19d171. A crash could also occur.
References
cve@mitre.orghttps://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=215d1f3928713d6eaec67244bcda72105b898000Mailing List, Patch, Vendor Advisory
cve@mitre.orghttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3f777e19d171670ab558a6d5e6b1ac7f9b6c574fPatch, Vendor Advisory
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3TZBP2HINNAX7HKHCOUMIFVQPV6GWMCZ/
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AQUVKC3IPUC5B374VVAZV4J5P3GAUGSW/
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKVJMS4GQRH5SO35WM5GINCFAGXQ3ZW6/
cve@mitre.orghttps://security.netapp.com/advisory/ntap-20200608-0001/Third Party Advisory
cve@mitre.orghttps://usn.ubuntu.com/4342-1/Third Party Advisory
cve@mitre.orghttps://usn.ubuntu.com/4343-1/Third Party Advisory
cve@mitre.orghttps://usn.ubuntu.com/4345-1/Third Party Advisory
cve@mitre.orghttps://www.debian.org/security/2020/dsa-4667Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=215d1f3928713d6eaec67244bcda72105b898000Mailing List, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3f777e19d171670ab558a6d5e6b1ac7f9b6c574fPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3TZBP2HINNAX7HKHCOUMIFVQPV6GWMCZ/
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AQUVKC3IPUC5B374VVAZV4J5P3GAUGSW/
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKVJMS4GQRH5SO35WM5GINCFAGXQ3ZW6/
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20200608-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/4342-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/4343-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/4345-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2020/dsa-4667Third Party Advisory



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0FB4B86-B8D8-473E-8D1D-3C058D143AF6",
              "versionEndExcluding": "4.19.119",
              "versionStartIncluding": "4.15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0ABDE4F3-29C6-459E-B0B7-751B93447AF0",
              "versionEndExcluding": "5.4.36",
              "versionStartIncluding": "4.20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D62C084A-6676-40AF-868A-D90CDFAB7DDD",
              "versionEndExcluding": "5.6.8",
              "versionStartIncluding": "5.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
              "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
              "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
              "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "090AA6F4-4404-4E26-82AB-C3A22636F276",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "95BA156C-C977-4F0C-8DFB-3FAE9CC8C02D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:a700s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDD92BFA-9117-4E6E-A13F-ED064B4B7284",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:a700s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B7DA42F-5D64-4967-A2D4-6210FE507841",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "108A2215-50FB-4074-94CF-C130FA14566D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AFC73CE-ABB9-42D3-9A71-3F5BC5381E0E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "32F0B6C0-F930-480D-962B-3F4EFDCC13C7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "803BC414-B250-4E3A-A478-A3881340D6B8",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FEB3337-BFDE-462A-908B-176F92053CEC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "736AEAE9-782B-4F71-9893-DED53367E102",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h610c_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "89612649-BACF-4FAC-9BA4-324724FD93A6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h610c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3D9B255-C1AF-42D1-BF9B-13642FBDC080",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD7CFE0E-9D1E-4495-B302-89C3096FC0DF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F63A3FA7-AAED-4A9D-9FDE-6195302DA0F6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel 4.19 through 5.6.7 on the s390 platform, code execution may occur because of a race condition, as demonstrated by code in enable_sacf_uaccess in arch/s390/lib/uaccess.c that fails to protect against a concurrent page table upgrade, aka CID-3f777e19d171. A crash could also occur."
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux versi\u00f3n 4.9 hasta la versi\u00f3n 5.6.7, en la plataforma s390, una ejecuci\u00f3n de c\u00f3digo puede presentarse debido a una condici\u00f3n de carrera, como es demostrado por el c\u00f3digo en la funci\u00f3n enable_sacf_uaccess en el archivo arch/s390/lib/uaccess.c que presenta un fallo al proteger contra una actualizaci\u00f3n concurrente de la tabla de p\u00e1gina, tambi\u00e9n se conoce como CID-3f777e19d171. Tamb\u00eden podr\u00eda ocurrir un bloqueo"
    }
  ],
  "id": "CVE-2020-11884",
  "lastModified": "2024-11-21T04:58:49.463",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.9,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.0,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.0,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-04-29T13:15:11.647",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=215d1f3928713d6eaec67244bcda72105b898000"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3f777e19d171670ab558a6d5e6b1ac7f9b6c574f"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3TZBP2HINNAX7HKHCOUMIFVQPV6GWMCZ/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AQUVKC3IPUC5B374VVAZV4J5P3GAUGSW/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKVJMS4GQRH5SO35WM5GINCFAGXQ3ZW6/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4342-1/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4343-1/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4345-1/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4667"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=215d1f3928713d6eaec67244bcda72105b898000"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3f777e19d171670ab558a6d5e6b1ac7f9b6c574f"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3TZBP2HINNAX7HKHCOUMIFVQPV6GWMCZ/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AQUVKC3IPUC5B374VVAZV4J5P3GAUGSW/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKVJMS4GQRH5SO35WM5GINCFAGXQ3ZW6/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4342-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4343-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4345-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4667"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-362"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-08-08 15:29
Modified
2024-11-21 03:05
Summary
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).
References
secalert_us@oracle.comhttp://www.debian.org/security/2017/dsa-3919Third Party Advisory
secalert_us@oracle.comhttp://www.debian.org/security/2017/dsa-3954Third Party Advisory
secalert_us@oracle.comhttp://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlPatch, Vendor Advisory
secalert_us@oracle.comhttp://www.securityfocus.com/bid/99756Broken Link, Third Party Advisory, VDB Entry
secalert_us@oracle.comhttp://www.securitytracker.com/id/1038931Broken Link, Third Party Advisory, VDB Entry
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:1789Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:1790Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:1791Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:1792Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:2424Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:2469Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:2481Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:2530Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3453Third Party Advisory
secalert_us@oracle.comhttps://security.gentoo.org/glsa/201709-22Third Party Advisory
secalert_us@oracle.comhttps://security.netapp.com/advisory/ntap-20170720-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2017/dsa-3919Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2017/dsa-3954Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/99756Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1038931Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1789Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1790Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1791Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1792Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2424Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2469Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2481Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2530Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3453Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201709-22Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20170720-0001/Third Party Advisory
Impacted products
Vendor Product Version
oracle jdk 1.6.0
oracle jdk 1.7.0
oracle jdk 1.8.0
oracle jre 1.6.0
oracle jre 1.7.0
oracle jre 1.8.0
debian debian_linux 8.0
debian debian_linux 9.0
redhat satellite 5.8
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_eus 7.3
redhat enterprise_linux_eus 7.4
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_aus 7.3
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_server_tus 7.3
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_workstation 7.0
netapp active_iq_unified_manager *
netapp active_iq_unified_manager *
netapp cloud_backup -
netapp e-series_santricity_os_controller *
netapp e-series_santricity_storage_manager -
netapp element_software -
netapp oncommand_balance -
netapp oncommand_insight -
netapp oncommand_performance_manager -
netapp oncommand_shift -
netapp oncommand_unified_manager *
netapp oncommand_unified_manager *
netapp oncommand_unified_manager -
netapp plug-in_for_symantec_netbackup -
netapp snapmanager -
netapp snapmanager -
netapp steelstore_cloud_integrated_storage -
netapp storage_replication_adapter_for_clustered_data_ontap *
netapp storage_replication_adapter_for_clustered_data_ontap 9.6
netapp vasa_provider_for_clustered_data_ontap *
netapp vasa_provider_for_clustered_data_ontap 6.0
netapp virtual_storage_console *
netapp virtual_storage_console 6.0
netapp virtual_storage_console 6.2.2



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update151:*:*:*:*:*:*",
              "matchCriteriaId": "A3322D72-6B56-467E-90E5-5DCE0FA1F431",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update141:*:*:*:*:*:*",
              "matchCriteriaId": "C4D0E043-D34F-446D-879B-692E3CF500C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update131:*:*:*:*:*:*",
              "matchCriteriaId": "106E9F69-857A-42F8-A727-2650C896D3B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update151:*:*:*:*:*:*",
              "matchCriteriaId": "673DD72C-4FC8-406A-A24A-B06DD709649C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update141:*:*:*:*:*:*",
              "matchCriteriaId": "363C8E7E-2EEA-4308-A141-854B9EC17AAB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update131:*:*:*:*:*:*",
              "matchCriteriaId": "595FC4B7-418E-457C-ADCC-0A49A676D629",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4F86C3C-B99C-44C6-97D7-163DC3F59687",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "807C024A-F8E8-4B48-A349-4C68CD252CA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62",
              "versionStartIncluding": "7.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB",
              "versionStartIncluding": "9.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "73F81EC3-4AB0-4CD7-B845-267C5974DE98",
              "versionEndIncluding": "11.70.1",
              "versionStartIncluding": "11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "698C6261-679D-45C1-A396-57AC96AD64D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BD81527-A341-42C3-9AB9-880D3DB04B08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*",
              "matchCriteriaId": "E32A4C2E-3DA6-4BE5-9D95-9F800B01ED9A",
              "versionEndIncluding": "7.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "1A79A7B7-2CE9-4F5E-B76D-01A882C66226",
              "versionEndIncluding": "7.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*",
              "matchCriteriaId": "3FA5E22C-489B-4C5F-A5F3-C03F45CA8811",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*",
              "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
              "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "1E35D95E-CCBF-4335-A4DB-02218BA172DE",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:9.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4022E33-B50C-4B0D-8485-F9091B6E57E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "13270F58-E106-48CE-9933-E68AABBBFC21",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "923F6B82-6A8B-4994-89F6-C430775D5234",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vsphere:*:*",
              "matchCriteriaId": "066C2961-E9C4-418E-82AF-1A7C35D5C085",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:*:vsphere:*:*",
              "matchCriteriaId": "C54F036F-C6F9-47B5-AFFA-DD3C1D08DD9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:virtual_storage_console:6.2.2:*:*:*:*:vsphere:*:*",
              "matchCriteriaId": "88B2E009-A457-4C3D-A8CF-84B7F3E8DA90",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en el componente Java SE de Oracle Java SE (subcomponente: Security). Las versiones compatibles que se han visto afectadas son JavaSE: 6u151, 7u141 y 8u131. Una vulnerabilidad dif\u00edcilmente explotable permite que un atacante sin autenticar que tenga acceso a red por m\u00faltiples protocolos comprometa la seguridad de Java SE. Para que los ataques tengan \u00e9xito, se necesita la participaci\u00f3n de otra persona diferente del atacante. Los ataques exitosos de esta vulnerabilidad pueden resultar en la toma de control de Java SE. Nota: Esta vulnerabilidad se aplica a implementaciones Java, normalmente en clientes que ejecutan aplicaciones de Java Web Start en sandbox o applets de Java en sandbox que cargan y ejecutan c\u00f3digo que no es de confianza (por ejemplo, c\u00f3digo proveniente de internet) y que conf\u00edan en la sandbox de Java para protegerse. Esta vulnerabilidad no se aplica a implementaciones Java, normalmente en servidores, que solo cargan y ejecutan c\u00f3digo de confianza (por ejemplo, c\u00f3digo instalado por un administrador). CVSS 3.0 Base Score 7.5 (impactos en la confidencialidad, integridad y disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)."
    }
  ],
  "id": "CVE-2017-10067",
  "lastModified": "2024-11-21T03:05:17.363",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-08-08T15:29:02.100",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-3919"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-3954"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/99756"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1038931"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1789"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1790"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1791"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1792"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2424"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2469"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2481"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2530"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3453"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201709-22"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-3919"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-3954"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/99756"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1038931"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1789"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1790"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1791"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1792"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2424"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2469"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2481"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2530"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3453"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201709-22"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-10-19 17:29
Modified
2024-11-21 03:06
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, Java SE Embedded, JRockit executes to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
References
secalert_us@oracle.comhttp://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlPatch, Vendor Advisory
secalert_us@oracle.comhttp://www.securityfocus.com/bid/101413Broken Link
secalert_us@oracle.comhttp://www.securitytracker.com/id/1039596Broken Link
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:2998Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:2999Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3046Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3047Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3264Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3267Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3268Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3392Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3453Third Party Advisory
secalert_us@oracle.comhttps://lists.debian.org/debian-lts-announce/2017/11/msg00033.htmlMailing List, Third Party Advisory
secalert_us@oracle.comhttps://security.gentoo.org/glsa/201710-31Third Party Advisory
secalert_us@oracle.comhttps://security.gentoo.org/glsa/201711-14Third Party Advisory
secalert_us@oracle.comhttps://security.netapp.com/advisory/ntap-20171019-0001/Third Party Advisory
secalert_us@oracle.comhttps://www.debian.org/security/2017/dsa-4015Third Party Advisory
secalert_us@oracle.comhttps://www.debian.org/security/2017/dsa-4048Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/101413Broken Link
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1039596Broken Link
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2998Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2999Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3046Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3047Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3264Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3267Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3268Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3392Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3453Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2017/11/msg00033.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201710-31Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201711-14Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20171019-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2017/dsa-4015Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2017/dsa-4048Third Party Advisory
Impacted products
Vendor Product Version
oracle jdk 1.6.0
oracle jdk 1.7.0
oracle jdk 1.8.0
oracle jdk 1.9.0
oracle jre 1.6.0
oracle jre 1.7.0
oracle jre 1.8.0
oracle jre 1.9.0
redhat satellite 5.8
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_eus 7.4
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_server_tus 7.4
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_workstation 7.0
netapp active_iq_unified_manager *
netapp active_iq_unified_manager *
netapp cloud_backup -
netapp e-series_santricity_management_plug-ins -
netapp e-series_santricity_os_controller *
netapp e-series_santricity_storage_manager -
netapp e-series_santricity_web_services -
netapp element_software -
netapp oncommand_balance -
netapp oncommand_insight -
netapp oncommand_performance_manager -
netapp oncommand_shift -
netapp oncommand_unified_manager *
netapp oncommand_unified_manager *
netapp oncommand_unified_manager -
netapp oncommand_workflow_automation -
netapp plug-in_for_symantec_netbackup -
netapp snapmanager -
netapp snapmanager -
netapp steelstore_cloud_integrated_storage -
netapp storage_replication_adapter_for_clustered_data_ontap *
netapp storage_replication_adapter_for_clustered_data_ontap *
netapp vasa_provider_for_clustered_data_ontap *
netapp vasa_provider_for_clustered_data_ontap 6.0
netapp virtual_storage_console *
netapp virtual_storage_console 6.0
debian debian_linux 7.0
debian debian_linux 8.0
debian debian_linux 9.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update161:*:*:*:*:*:*",
              "matchCriteriaId": "7037AEF9-403D-43EC-ABBB-B46619241586",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update151:*:*:*:*:*:*",
              "matchCriteriaId": "B781F1F7-DE18-41F7-83C1-8690B0884DDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update144:*:*:*:*:*:*",
              "matchCriteriaId": "6D36F2A6-1329-4D74-BADC-C22D46CF7CFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "270968EC-7662-41E1-BA9B-D259BEC53A1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update161:*:*:*:*:*:*",
              "matchCriteriaId": "D53D6C3C-C8F3-4FF4-AE9C-1BFF14E74EDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update151:*:*:*:*:*:*",
              "matchCriteriaId": "71219100-B476-4062-A40A-13F1B8C7DAED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update144:*:*:*:*:*:*",
              "matchCriteriaId": "FCC055BA-0D21-4D2B-AC9B-B81B8468860C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "66910F84-DDFD-4BA8-BE7F-44EB5E3F9C3D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4F86C3C-B99C-44C6-97D7-163DC3F59687",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5F7E11E-FB34-4467-8919-2B6BEAABF665",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62",
              "versionStartIncluding": "7.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB",
              "versionStartIncluding": "9.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_management_plug-ins:-:*:*:*:*:vmware_vcenter:*:*",
              "matchCriteriaId": "280520BC-070C-4423-A633-E6FE45E53D57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "73F81EC3-4AB0-4CD7-B845-267C5974DE98",
              "versionEndIncluding": "11.70.1",
              "versionStartIncluding": "11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
              "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "698C6261-679D-45C1-A396-57AC96AD64D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BD81527-A341-42C3-9AB9-880D3DB04B08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*",
              "matchCriteriaId": "E32A4C2E-3DA6-4BE5-9D95-9F800B01ED9A",
              "versionEndIncluding": "7.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "1A79A7B7-2CE9-4F5E-B76D-01A882C66226",
              "versionEndIncluding": "7.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*",
              "matchCriteriaId": "3FA5E22C-489B-4C5F-A5F3-C03F45CA8811",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*",
              "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
              "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "6BF60DAD-DAA2-4543-B82E-8E17F7B1DA06",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "1E35D95E-CCBF-4335-A4DB-02218BA172DE",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "13270F58-E106-48CE-9933-E68AABBBFC21",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "923F6B82-6A8B-4994-89F6-C430775D5234",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "B7B42CB6-3C14-4183-AFA8-C3682F8B54AB",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "2AA40F7F-504D-47A9-9778-EC4CE46EB8BF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, Java SE Embedded, JRockit executes to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en los componentes Java SE, Java SE Embedded y JRockit de Oracle Java SE (subcomponente: Security). Las versiones compatibles que se han visto afectadas son Java SE: 6u161, 7u151, 8u144 y 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante sin autenticar con acceso a la infraestructura en la que se ejecutan Java SE, Java SE Embedded, JRockit comprometa la seguridad de Java SE, Java SE Embedded y JRockit. Los ataques exitosos a esta vulnerabilidad pueden resultar en un acceso no autorizado a datos de suma importancia o un acceso completo a todos los datos accesibles de Java SE, Java SE Embedded y JRockit. Nota: Esta vulnerabilidad puede ser explotada mediante aplicaciones Java Web Start en sandbox y applets Java en sandbox. Tambi\u00e9n puede ser explotada proporcionando datos a las API en los componentes especificados sin emplear aplicaciones Java Web Start o applets Java en sandbox, como a trav\u00e9s de un servicio web. CVSS 3.0 Base Score 6.2 (impactos en la confidencialidad). Vector CVSS: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)."
    }
  ],
  "id": "CVE-2017-10356",
  "lastModified": "2024-11-21T03:06:00.190",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 6.2,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.5,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-10-19T17:29:04.420",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/bid/101413"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securitytracker.com/id/1039596"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2998"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2999"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3046"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3047"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3264"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3267"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3268"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3392"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3453"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201710-31"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201711-14"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20171019-0001/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2017/dsa-4015"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2017/dsa-4048"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/bid/101413"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securitytracker.com/id/1039596"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2998"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2999"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3046"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3047"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3264"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3267"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3268"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3392"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3453"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201710-31"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201711-14"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20171019-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2017/dsa-4015"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2017/dsa-4048"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-06-26 16:29
Modified
2024-11-21 03:32
Severity ?
Summary
In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a smaller chunk size and content sent as chunk body could be interpreted as a pipelined request. If Jetty was deployed behind an intermediary that imposed some authorization and that intermediary allowed arbitrarily large chunks to be passed on unchanged, then this flaw could be used to bypass the authorization imposed by the intermediary as the fake pipelined request would not be interpreted by the intermediary as a request.
References
emo@eclipse.orghttp://www.securitytracker.com/id/1041194Third Party Advisory, VDB Entry
emo@eclipse.orghttps://access.redhat.com/errata/RHSA-2019:0910Third Party Advisory
emo@eclipse.orghttps://bugs.eclipse.org/bugs/show_bug.cgi?id=535668Third Party Advisory
emo@eclipse.orghttps://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E
emo@eclipse.orghttps://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E
emo@eclipse.orghttps://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E
emo@eclipse.orghttps://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E
emo@eclipse.orghttps://lists.apache.org/thread.html/r41af10c4adec8d34a969abeb07fd0d6ad0c86768b751464f1cdd23e8%40%3Ccommits.druid.apache.org%3E
emo@eclipse.orghttps://lists.apache.org/thread.html/r9159c9e7ec9eac1613da2dbaddbc15691a13d4dbb2c8be974f42e6ae%40%3Ccommits.druid.apache.org%3E
emo@eclipse.orghttps://lists.apache.org/thread.html/ra6f956ed4ec2855583b2d0c8b4802b450f593d37b77509b48cd5d574%40%3Ccommits.druid.apache.org%3E
emo@eclipse.orghttps://security.netapp.com/advisory/ntap-20181014-0001/Patch, Third Party Advisory
emo@eclipse.orghttps://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03953en_usThird Party Advisory
emo@eclipse.orghttps://www.debian.org/security/2018/dsa-4278Third Party Advisory
emo@eclipse.orghttps://www.oracle.com//security-alerts/cpujul2021.html
emo@eclipse.orghttps://www.oracle.com/security-alerts/cpuoct2020.htmlPatch, Third Party Advisory
emo@eclipse.orghttps://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1041194Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2019:0910Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugs.eclipse.org/bugs/show_bug.cgi?id=535668Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r41af10c4adec8d34a969abeb07fd0d6ad0c86768b751464f1cdd23e8%40%3Ccommits.druid.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r9159c9e7ec9eac1613da2dbaddbc15691a13d4dbb2c8be974f42e6ae%40%3Ccommits.druid.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/ra6f956ed4ec2855583b2d0c8b4802b450f593d37b77509b48cd5d574%40%3Ccommits.druid.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20181014-0001/Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03953en_usThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2018/dsa-4278Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com//security-alerts/cpujul2021.html
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2020.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.htmlPatch, Third Party Advisory



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "486E784F-1FC5-42AA-B144-EDBE5FE9B993",
              "versionEndIncluding": "9.2.26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C513260A-7AD7-44C2-97F0-167B5819475E",
              "versionEndExcluding": "9.3.24",
              "versionStartIncluding": "9.3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A720480-0A8A-48FE-85FE-6973DAB7A7D5",
              "versionEndExcluding": "9.4.11",
              "versionStartIncluding": "9.4.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_management:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CF77086-43C1-44DB-A574-61A9A3DD1220",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5F95A41-A496-481C-A906-E0307AC1EA63",
              "versionEndIncluding": "11.50.1",
              "versionStartIncluding": "11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "680ECEAE-D73F-47D2-8AF8-7704469CF3EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:element_software_management_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E902EEC6-9A41-4FBC-8D81-891DF846A5CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:hci_storage_nodes:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "855D6A52-F96F-4CA0-A59C-4D42173F22E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_system_manager:3.x:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BE20EF7-C8A3-4C2A-BE0C-C26452830C31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "97547862-C382-4F46-B393-481D40E924E8",
              "versionEndExcluding": "5.2.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_cloud_connector:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB15BCF1-1B1D-49D8-9B76-46DCB10044DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snap_creator_framework:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E234481-81F5-42D7-A4EC-F71245268D5C",
              "versionEndExcluding": "4.3.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapcenter:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "33862093-55AD-46CE-97F5-0A00A62766FD",
              "versionEndExcluding": "4.1p3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:*:*:*:*:*:oracle:*:*",
              "matchCriteriaId": "41436638-0B88-4823-8208-81C01F2CA6A6",
              "versionEndExcluding": "3.4.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:*:*:*:*:*:sap:*:*",
              "matchCriteriaId": "910F5303-1F70-44E3-A951-567447BC46FF",
              "versionEndExcluding": "3.4.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:hp:xp_p9000_command_view:*:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "92C306B7-185C-4CC4-8DEF-4C57B61C49AF",
              "versionEndExcluding": "8.6.2-00",
              "versionStartIncluding": "8.4.0-00",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:hp:xp_p9000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CC9BC28-72E9-4D53-B388-6A8AB7CFD22E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:rest_data_services:11.2.0.4:*:*:*:-:*:*:*",
              "matchCriteriaId": "36FC547E-861A-418C-A314-DA09A457B13A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:rest_data_services:12.1.0.2:*:*:*:-:*:*:*",
              "matchCriteriaId": "DF9FEE51-50E3-41E9-AA0D-272A640F85CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:rest_data_services:12.2.0.1:*:*:*:-:*:*:*",
              "matchCriteriaId": "E69E905F-2E1A-4462-9082-FF7B10474496",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:rest_data_services:18c:*:*:*:-:*:*:*",
              "matchCriteriaId": "0F9B692C-8986-4F91-9EF4-2BB1E3B5C133",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0ED83E3-E6BF-4EAA-AF8F-33485A88A218",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "11DA6839-849D-4CEF-85F3-38FE75E07183",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCE78490-A4BE-40BD-8C72-0A4526BBD4A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "55AE3629-4A66-49E4-A33D-6D81CC94962F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a smaller chunk size and content sent as chunk body could be interpreted as a pipelined request. If Jetty was deployed behind an intermediary that imposed some authorization and that intermediary allowed arbitrarily large chunks to be passed on unchanged, then this flaw could be used to bypass the authorization imposed by the intermediary as the fake pipelined request would not be interpreted by the intermediary as a request."
    },
    {
      "lang": "es",
      "value": "En Eclipse Jetty, en versiones 9.2.x y anteriores, versiones 9.3.x (todas las configuraciones) y versiones 9.4.x (configuraci\u00f3n personalizada con el cumplimiento RFC2616 habilitado), los fragmentos transfer-encoding se gestionan de forma incorrecta. El an\u00e1lisis de longitud de fragmento era vulnerable a un desbordamiento de enteros. As\u00ed, podr\u00eda interpretarse un tama\u00f1o de fragmento grande como un tama\u00f1o menor y el contenido enviado como cuerpo del fragmento podr\u00eda interpretarse como una petici\u00f3n pipelined. Si Jetty se despliega tras un intermediario que impon\u00eda autorizaci\u00f3n y el intermediario permit\u00eda que se pasasen o no se cambiasen grandes fragmentos arbitrarios, este error podr\u00eda emplearse para omitir la autorizaci\u00f3n impuesta por el intermediario, ya que la petici\u00f3n pipelined falsa no ser\u00eda interpretada por el intermediario como una petici\u00f3n."
    }
  ],
  "id": "CVE-2017-7657",
  "lastModified": "2024-11-21T03:32:23.613",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-06-26T16:29:00.257",
  "references": [
    {
      "source": "emo@eclipse.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1041194"
    },
    {
      "source": "emo@eclipse.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:0910"
    },
    {
      "source": "emo@eclipse.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=535668"
    },
    {
      "source": "emo@eclipse.org",
      "url": "https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E"
    },
    {
      "source": "emo@eclipse.org",
      "url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E"
    },
    {
      "source": "emo@eclipse.org",
      "url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E"
    },
    {
      "source": "emo@eclipse.org",
      "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E"
    },
    {
      "source": "emo@eclipse.org",
      "url": "https://lists.apache.org/thread.html/r41af10c4adec8d34a969abeb07fd0d6ad0c86768b751464f1cdd23e8%40%3Ccommits.druid.apache.org%3E"
    },
    {
      "source": "emo@eclipse.org",
      "url": "https://lists.apache.org/thread.html/r9159c9e7ec9eac1613da2dbaddbc15691a13d4dbb2c8be974f42e6ae%40%3Ccommits.druid.apache.org%3E"
    },
    {
      "source": "emo@eclipse.org",
      "url": "https://lists.apache.org/thread.html/ra6f956ed4ec2855583b2d0c8b4802b450f593d37b77509b48cd5d574%40%3Ccommits.druid.apache.org%3E"
    },
    {
      "source": "emo@eclipse.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20181014-0001/"
    },
    {
      "source": "emo@eclipse.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03953en_us"
    },
    {
      "source": "emo@eclipse.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4278"
    },
    {
      "source": "emo@eclipse.org",
      "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
    },
    {
      "source": "emo@eclipse.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "emo@eclipse.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1041194"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:0910"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=535668"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r41af10c4adec8d34a969abeb07fd0d6ad0c86768b751464f1cdd23e8%40%3Ccommits.druid.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r9159c9e7ec9eac1613da2dbaddbc15691a13d4dbb2c8be974f42e6ae%40%3Ccommits.druid.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/ra6f956ed4ec2855583b2d0c8b4802b450f593d37b77509b48cd5d574%40%3Ccommits.druid.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20181014-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03953en_us"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4278"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
    }
  ],
  "sourceIdentifier": "emo@eclipse.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-444"
        }
      ],
      "source": "emo@eclipse.org",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-190"
        },
        {
          "lang": "en",
          "value": "CWE-444"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-03-08 20:29
Modified
2024-11-21 04:11
Severity ?
Summary
Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by leveraging an ntpq query and sending a response with a crafted array.
References
cve@mitre.orghttp://support.ntp.org/bin/view/Main/NtpBug3414Vendor Advisory
cve@mitre.orghttp://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_SVendor Advisory
cve@mitre.orghttp://www.securityfocus.com/bid/103351Third Party Advisory, VDB Entry
cve@mitre.orghttps://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.ascThird Party Advisory
cve@mitre.orghttps://security.gentoo.org/glsa/201805-12Third Party Advisory
cve@mitre.orghttps://security.netapp.com/advisory/ntap-20180626-0001/Third Party Advisory
cve@mitre.orghttps://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en_us
cve@mitre.orghttps://usn.ubuntu.com/3707-1/Third Party Advisory
cve@mitre.orghttps://usn.ubuntu.com/3707-2/Third Party Advisory
cve@mitre.orghttps://www.oracle.com//security-alerts/cpujul2021.html
cve@mitre.orghttps://www.synology.com/support/security/Synology_SA_18_13Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://support.ntp.org/bin/view/Main/NtpBug3414Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_SVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/103351Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.ascThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201805-12Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20180626-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en_us
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3707-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3707-2/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com//security-alerts/cpujul2021.html
af854a3a-2127-422b-91ae-364da2661108https://www.synology.com/support/security/Synology_SA_18_13Third Party Advisory
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p10:*:*:*:*:*:*",
              "matchCriteriaId": "0BC62D4E-D519-458C-BE4E-10DDB73A97D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p6:*:*:*:*:*:*",
              "matchCriteriaId": "8C213794-111D-41F3-916C-AD97F731D600",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p7:*:*:*:*:*:*",
              "matchCriteriaId": "50811A7B-0379-4437-8737-B4C1ACBC9EFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p8:*:*:*:*:*:*",
              "matchCriteriaId": "F12E4CF5-536C-416B-AD8D-6AE7CBE22C71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p9:*:*:*:*:*:*",
              "matchCriteriaId": "EE002C76-406D-4F22-B738-E17BDEA70BCC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:10.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E102E760-362C-4DC7-BDED-E2CF9F94ECE7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:10.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD5B9266-A927-4F62-8742-721CE9A4C4C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5753931-556B-4EEC-B510-751BA3613CE6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by leveraging an ntpq query and sending a response with a crafted array."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer en la funci\u00f3n decodearr en ntpq en ntp, desde la versi\u00f3n 4.2.8p6 hasta la 4.2.8p10, permite que atacantes remotos ejecuten c\u00f3digo arbitrario aprovechando una consulta ntpq y enviando una respuesta con un array manipulado."
    }
  ],
  "id": "CVE-2018-7183",
  "lastModified": "2024-11-21T04:11:44.593",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-03-08T20:29:00.423",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://support.ntp.org/bin/view/Main/NtpBug3414"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103351"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.asc"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201805-12"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20180626-0001/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3707-1/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3707-2/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.synology.com/support/security/Synology_SA_18_13"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://support.ntp.org/bin/view/Main/NtpBug3414"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103351"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201805-12"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20180626-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3707-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3707-2/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.synology.com/support/security/Synology_SA_18_13"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-08-08 15:29
Modified
2024-11-21 03:05
Severity ?
Summary
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).
References
secalert_us@oracle.comhttp://www.debian.org/security/2017/dsa-3919Third Party Advisory
secalert_us@oracle.comhttp://www.debian.org/security/2017/dsa-3954Third Party Advisory
secalert_us@oracle.comhttp://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlPatch, Vendor Advisory
secalert_us@oracle.comhttp://www.securityfocus.com/bid/99643Broken Link
secalert_us@oracle.comhttp://www.securitytracker.com/id/1038931Broken Link
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:1789Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:1790Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:1791Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:1792Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:2424Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:2469Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:2481Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:2530Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3453Third Party Advisory
secalert_us@oracle.comhttps://security.gentoo.org/glsa/201709-22Third Party Advisory
secalert_us@oracle.comhttps://security.netapp.com/advisory/ntap-20170720-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2017/dsa-3919Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2017/dsa-3954Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/99643Broken Link
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1038931Broken Link
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1789Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1790Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1791Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1792Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2424Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2469Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2481Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2530Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3453Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201709-22Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20170720-0001/Third Party Advisory
Impacted products
Vendor Product Version
oracle jdk 1.6.0
oracle jdk 1.7.0
oracle jdk 1.8.0
oracle jre 1.6.0
oracle jre 1.7.0
oracle jre 1.8.0
debian debian_linux 8.0
debian debian_linux 9.0
redhat satellite 5.8
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_eus 7.3
redhat enterprise_linux_eus 7.4
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_aus 7.3
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_server_tus 7.3
redhat enterprise_linux_server_tus 7.4
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_workstation 7.0
netapp active_iq_unified_manager *
netapp active_iq_unified_manager *
netapp cloud_backup -
netapp e-series_santricity_os_controller *
netapp e-series_santricity_storage_manager -
netapp element_software -
netapp oncommand_balance -
netapp oncommand_insight -
netapp oncommand_performance_manager -
netapp oncommand_shift -
netapp oncommand_unified_manager *
netapp oncommand_unified_manager *
netapp oncommand_unified_manager -
netapp plug-in_for_symantec_netbackup -
netapp snapmanager -
netapp snapmanager -
netapp steelstore_cloud_integrated_storage -
netapp storage_replication_adapter_for_clustered_data_ontap *
netapp storage_replication_adapter_for_clustered_data_ontap 9.6
netapp vasa_provider_for_clustered_data_ontap *
netapp vasa_provider_for_clustered_data_ontap 6.0
netapp virtual_storage_console *
netapp virtual_storage_console 6.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update151:*:*:*:*:*:*",
              "matchCriteriaId": "A3322D72-6B56-467E-90E5-5DCE0FA1F431",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update141:*:*:*:*:*:*",
              "matchCriteriaId": "C4D0E043-D34F-446D-879B-692E3CF500C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update131:*:*:*:*:*:*",
              "matchCriteriaId": "106E9F69-857A-42F8-A727-2650C896D3B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update151:*:*:*:*:*:*",
              "matchCriteriaId": "673DD72C-4FC8-406A-A24A-B06DD709649C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update141:*:*:*:*:*:*",
              "matchCriteriaId": "363C8E7E-2EEA-4308-A141-854B9EC17AAB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update131:*:*:*:*:*:*",
              "matchCriteriaId": "595FC4B7-418E-457C-ADCC-0A49A676D629",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4F86C3C-B99C-44C6-97D7-163DC3F59687",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "807C024A-F8E8-4B48-A349-4C68CD252CA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5F7E11E-FB34-4467-8919-2B6BEAABF665",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62",
              "versionStartIncluding": "7.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB",
              "versionStartIncluding": "9.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "73F81EC3-4AB0-4CD7-B845-267C5974DE98",
              "versionEndIncluding": "11.70.1",
              "versionStartIncluding": "11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "698C6261-679D-45C1-A396-57AC96AD64D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BD81527-A341-42C3-9AB9-880D3DB04B08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*",
              "matchCriteriaId": "E32A4C2E-3DA6-4BE5-9D95-9F800B01ED9A",
              "versionEndIncluding": "7.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "1A79A7B7-2CE9-4F5E-B76D-01A882C66226",
              "versionEndIncluding": "7.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*",
              "matchCriteriaId": "3FA5E22C-489B-4C5F-A5F3-C03F45CA8811",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*",
              "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
              "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "1E35D95E-CCBF-4335-A4DB-02218BA172DE",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:9.6:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "B92F025C-D612-4A64-B138-E6B4B113B504",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "13270F58-E106-48CE-9933-E68AABBBFC21",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "923F6B82-6A8B-4994-89F6-C430775D5234",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "B7B42CB6-3C14-4183-AFA8-C3682F8B54AB",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "2AA40F7F-504D-47A9-9778-EC4CE46EB8BF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en el componente Java SE de Oracle Java SE (subcomponente: AWT). Las versiones compatibles que se han visto afectadas son JavaSE: 6u151, 7u141 y 8u131. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante sin autenticar que tenga acceso a red por medio de m\u00faltiples protocolos comprometa la seguridad de Java SE. Para que los ataques tengan \u00e9xito, se necesita la participaci\u00f3n de otra persona diferente del atacante y, aunque la vulnerabilidad est\u00e1 presente en Java SE, los ataques podr\u00edan afectar seriamente a productos adicionales. Los ataques exitosos a esta vulnerabilidad pueden resultar en la toma de control de Java SE. Nota: Esta vulnerabilidad se aplica a implementaciones Java, normalmente en clientes que ejecutan aplicaciones Java Web Start en sandbox o applets Java en sandbox que cargan y ejecutan c\u00f3digo que no es de confianza (por ejemplo, c\u00f3digo proveniente de internet) y que conf\u00edan en la sandbox de Java para protegerse. Esta vulnerabilidad no se aplica a implementaciones Java, normalmente en servidores, que solo cargan y ejecutan c\u00f3digo de confianza (por ejemplo, c\u00f3digo instalado por un administrador). CVSS 3.0 Base Score 9.6 (impactos en la confidencialidad, integridad y disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)."
    }
  ],
  "id": "CVE-2017-10110",
  "lastModified": "2024-11-21T03:05:23.953",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.6,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 6.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-08-08T15:29:03.617",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-3919"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-3954"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/bid/99643"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securitytracker.com/id/1038931"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1789"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1790"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1791"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1792"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2424"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2469"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2481"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2530"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3453"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201709-22"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-3919"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-3954"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/bid/99643"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securitytracker.com/id/1038931"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1789"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1790"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1791"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1792"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2424"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2469"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2481"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2530"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3453"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201709-22"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-05-05 06:15
Modified
2024-11-21 04:59
Summary
An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv() function in drivers/net/wireless/marvell/mwifiex/scan.c allows local users to gain privileges or cause a denial of service because of an incorrect memcpy and buffer overflow, aka CID-b70261a288ea.
References
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://www.openwall.com/lists/oss-security/2020/05/08/2Mailing List, Third Party Advisory
cve@mitre.orghttps://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.4Release Notes, Vendor Advisory
cve@mitre.orghttps://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b70261a288ea4d2f4ac7cd04be08a9f0f2de4f4dPatch, Vendor Advisory
cve@mitre.orghttps://github.com/torvalds/linux/commit/b70261a288ea4d2f4ac7cd04be08a9f0f2de4f4dPatch, Third Party Advisory
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2020/06/msg00011.htmlMailing List, Third Party Advisory
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2020/06/msg00012.htmlMailing List, Third Party Advisory
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2020/06/msg00013.htmlMailing List, Third Party Advisory
cve@mitre.orghttps://security.netapp.com/advisory/ntap-20200608-0001/Third Party Advisory
cve@mitre.orghttps://www.debian.org/security/2020/dsa-4698Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2020/05/08/2Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.4Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b70261a288ea4d2f4ac7cd04be08a9f0f2de4f4dPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/torvalds/linux/commit/b70261a288ea4d2f4ac7cd04be08a9f0f2de4f4dPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2020/06/msg00011.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2020/06/msg00012.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2020/06/msg00013.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20200608-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2020/dsa-4698Third Party Advisory



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "25611CC0-E1DB-4D7B-82DF-D16CB8355844",
              "versionEndExcluding": "5.5.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:hci_compute_node_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F921BC85-568E-4B69-A3CD-CF75C76672F1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:a700s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDD92BFA-9117-4E6E-A13F-ED064B4B7284",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:a700s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B7DA42F-5D64-4967-A2D4-6210FE507841",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "108A2215-50FB-4074-94CF-C130FA14566D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AFC73CE-ABB9-42D3-9A71-3F5BC5381E0E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "32F0B6C0-F930-480D-962B-3F4EFDCC13C7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "803BC414-B250-4E3A-A478-A3881340D6B8",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FEB3337-BFDE-462A-908B-176F92053CEC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "736AEAE9-782B-4F71-9893-DED53367E102",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h610c_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "89612649-BACF-4FAC-9BA4-324724FD93A6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h610c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3D9B255-C1AF-42D1-BF9B-13642FBDC080",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD7CFE0E-9D1E-4495-B302-89C3096FC0DF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F63A3FA7-AAED-4A9D-9FDE-6195302DA0F6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h615c_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5921A877-18BF-43FE-915C-D226E140ACFC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h615c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7296A1F2-D315-4FD5-8A73-65C480C855BE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv() function in drivers/net/wireless/marvell/mwifiex/scan.c allows local users to gain privileges or cause a denial of service because of an incorrect memcpy and buffer overflow, aka CID-b70261a288ea."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un problema en el kernel de Linux versiones anteriores a 5.5.4. La funci\u00f3n mwifiex_cmd_append_vsie_tlv() en el archivo drivers/net/wireless/marvell/mwifiex/scan.c permite a usuarios locales alcanzar privilegios o causar una denegaci\u00f3n de servicio debido a una memcpy incorrecta y al desbordamiento del b\u00fafer, tambi\u00e9n se conoce como CID-b70261a288ea."
    }
  ],
  "id": "CVE-2020-12653",
  "lastModified": "2024-11-21T04:59:59.723",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-05-05T06:15:11.043",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2020/05/08/2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.4"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b70261a288ea4d2f4ac7cd04be08a9f0f2de4f4d"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/torvalds/linux/commit/b70261a288ea4d2f4ac7cd04be08a9f0f2de4f4d"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4698"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2020/05/08/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b70261a288ea4d2f4ac7cd04be08a9f0f2de4f4d"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/torvalds/linux/commit/b70261a288ea4d2f4ac7cd04be08a9f0f2de4f4d"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4698"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-04-19 21:15
Modified
2024-11-21 06:44
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:graalvm:20.3.5:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "079F2588-2746-408B-9BB0-9A569289985B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:graalvm:21.3.1:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "51600424-E294-41E0-9C8B-12D0C3456027",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:graalvm:22.0.0.2:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "C3D12B98-032F-49A6-B237-E0CAD32D9A25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:java_se:7u331:*:*:*:*:*:*:*",
              "matchCriteriaId": "C15F860C-6B33-4950-B443-E2A7D4639573",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:java_se:8u321:*:*:*:*:*:*:*",
              "matchCriteriaId": "696E27A2-34A2-49A8-BEF4-61718D11DD2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:java_se:11.0.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A9F8A53-6CBE-45EF-A920-4D448B9CE31F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:java_se:17.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "00AC1B6D-9156-40A3-B606-845CCC33D724",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:java_se:18:*:*:*:*:*:*:*",
              "matchCriteriaId": "022EC03C-1574-4421-9AB7-0EEF0D089322",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
              "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCAA4004-9319-478C-9D55-0E8307F872F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF971916-C526-43A9-BD80-985BCC476569",
              "versionEndIncluding": "11.70.1",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
              "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A372B177-F740-4655-865C-31777A6E140B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "95BA156C-C977-4F0C-8DFB-3FAE9CC8C02D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:azul:zulu:6.45:*:*:*:*:*:*:*",
              "matchCriteriaId": "850B5359-7804-406B-9DC9-D22D65ACEE40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:azul:zulu:7.52:*:*:*:*:*:*:*",
              "matchCriteriaId": "5522AD81-A23E-47D3-82E4-6D71ECEB1DBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:azul:zulu:8.60:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AC61C25-871B-4F6F-A5F0-77359F373681",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:azul:zulu:11.54:*:*:*:*:*:*:*",
              "matchCriteriaId": "12A59E25-5ED3-4A6D-95F6-45750866E0D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:azul:zulu:13.46:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC0DC492-706E-42FE-8757-71873B53C417",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:azul:zulu:15.38:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1441FE9-45C5-46C4-BF78-FD5D30F9C80C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:azul:zulu:17.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "28D25E37-5479-4876-B46C-28FF87384852",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:azul:zulu:18.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AD8BF00-C510-4E63-8949-CB64E9043610",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: Libraries). Las versiones afectadas son Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 y 22.0.0.2. Una vulnerabilidad dif\u00edcil de explotar permite a un atacante no autenticado con acceso a la red por medio de m\u00faltiples protocolos comprometer Oracle Java SE, Oracle GraalVM Enterprise Edition. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en la capacidad no autorizada de causar una negaci\u00f3n parcial del servicio (DOS parcial) de Oracle Java SE, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad es aplicada a las implantaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start con sandbox o applets Java con sandbox, que cargan y ejecutan c\u00f3digo que no es confiable (por ejemplo, c\u00f3digo que viene de Internet) y dependen del sandbox de Java para la seguridad. Esta vulnerabilidad tambi\u00e9n puede ser explotada mediante el uso de APIs en el componente especificado, por ejemplo, mediante un servicio web que suministra datos a las APIs. CVSS 3.1, Puntuaci\u00f3n base 3.7 (impactos en la Disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)"
    }
  ],
  "id": "CVE-2022-21443",
  "lastModified": "2024-11-21T06:44:42.700",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 3.7,
          "baseSeverity": "LOW",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 1.4,
        "source": "secalert_us@oracle.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2022-04-19T21:15:15.800",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20220429-0006/"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5128"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5131"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20220429-0006/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5128"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5131"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-08-08 15:29
Modified
2024-11-21 03:05
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
References
secalert_us@oracle.comhttp://www.debian.org/security/2017/dsa-3919Third Party Advisory
secalert_us@oracle.comhttp://www.debian.org/security/2017/dsa-3954Third Party Advisory
secalert_us@oracle.comhttp://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlPatch, Vendor Advisory
secalert_us@oracle.comhttp://www.securityfocus.com/bid/99788Broken Link
secalert_us@oracle.comhttp://www.securitytracker.com/id/1038931Broken Link
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:1790Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:1791Third Party Advisory
secalert_us@oracle.comhttps://cert.vde.com/en-us/advisories/vde-2017-002Third Party Advisory
secalert_us@oracle.comhttps://security.gentoo.org/glsa/201709-22Third Party Advisory
secalert_us@oracle.comhttps://security.netapp.com/advisory/ntap-20170720-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2017/dsa-3919Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2017/dsa-3954Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/99788Broken Link
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1038931Broken Link
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1790Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1791Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://cert.vde.com/en-us/advisories/vde-2017-002Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201709-22Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20170720-0001/Third Party Advisory



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update141:*:*:*:*:*:*",
              "matchCriteriaId": "C4D0E043-D34F-446D-879B-692E3CF500C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update131:*:*:*:*:*:*",
              "matchCriteriaId": "106E9F69-857A-42F8-A727-2650C896D3B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update141:*:*:*:*:*:*",
              "matchCriteriaId": "363C8E7E-2EEA-4308-A141-854B9EC17AAB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update131:*:*:*:*:*:*",
              "matchCriteriaId": "595FC4B7-418E-457C-ADCC-0A49A676D629",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jrockit:r28.3.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B1FE26D-1936-475A-B644-BBB4281FB5C1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:phoenixcontact:fl_mguard_dm:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8556AADE-54E7-4D1B-A5AB-D37EF3B4962E",
              "versionEndIncluding": "1.8.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62",
              "versionStartIncluding": "7.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB",
              "versionStartIncluding": "9.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "73F81EC3-4AB0-4CD7-B845-267C5974DE98",
              "versionEndIncluding": "11.70.1",
              "versionStartIncluding": "11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "698C6261-679D-45C1-A396-57AC96AD64D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BD81527-A341-42C3-9AB9-880D3DB04B08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*",
              "matchCriteriaId": "E32A4C2E-3DA6-4BE5-9D95-9F800B01ED9A",
              "versionEndIncluding": "7.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "1A79A7B7-2CE9-4F5E-B76D-01A882C66226",
              "versionEndIncluding": "7.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*",
              "matchCriteriaId": "3FA5E22C-489B-4C5F-A5F3-C03F45CA8811",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*",
              "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
              "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "1E35D95E-CCBF-4335-A4DB-02218BA172DE",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "13270F58-E106-48CE-9933-E68AABBBFC21",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "923F6B82-6A8B-4994-89F6-C430775D5234",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "B7B42CB6-3C14-4183-AFA8-C3682F8B54AB",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "2AA40F7F-504D-47A9-9778-EC4CE46EB8BF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en los componentes Java SE, Java SE Embedded y JRockit de Oracle Java SE (subcomponente: Security). Las versiones compatibles que se han visto afectadas son Java SE: 7u141 y 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante sin autenticar que tenga acceso a red por medio de m\u00faltiples protocolos comprometa la seguridad de Java SE, Java SE Embedded y JRockit. Los ataques exitosos a esta vulnerabilidad pueden resultar en un acceso no autorizado a datos de suma importancia o un acceso completo a todos los datos accesibles de Java SE, Java SE Embedded y JRockit. Nota: Esta vulnerabilidad puede ser explotada mediante aplicaciones Java Web Start en sandbox y applets Java en sandbox. Tambi\u00e9n puede ser explotada proporcionando datos a las API en los componentes especificados sin emplear aplicaciones Java Web Start en sandbox o applets Java en sandbox, como a trav\u00e9s de un servicio web. CVSS 3.0 Base Score 7.5 (impactos en la confidencialidad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)."
    }
  ],
  "id": "CVE-2017-10176",
  "lastModified": "2024-11-21T03:05:33.720",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-08-08T15:29:05.163",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-3919"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-3954"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/bid/99788"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securitytracker.com/id/1038931"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1790"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1791"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert.vde.com/en-us/advisories/vde-2017-002"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201709-22"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-3919"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-3954"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/bid/99788"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securitytracker.com/id/1038931"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1790"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1791"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert.vde.com/en-us/advisories/vde-2017-002"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201709-22"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-11-28 07:15
Modified
2024-11-21 05:23
Summary
An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check, aka CID-c444eb564fb1.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F533643-6482-466F-87F2-9446C8214FF5",
              "versionEndExcluding": "4.9.228",
              "versionStartIncluding": "4.5.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "82A795AE-6C0D-4C70-93E8-CB1183C8F147",
              "versionEndExcluding": "4.14.185",
              "versionStartIncluding": "4.10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "96593438-C71A-47FD-B19B-F54C6E65BDA5",
              "versionEndExcluding": "4.19.129",
              "versionStartIncluding": "4.15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "55E407BF-74C3-42AB-8591-2385D5732960",
              "versionEndExcluding": "5.4.48",
              "versionStartIncluding": "4.20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "45E1B7E8-BF1C-4AFA-9862-DAE3916A8846",
              "versionEndExcluding": "5.7.5",
              "versionStartIncluding": "5.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:hci_bootstrap_os:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C767AA1-88B7-48F0-9F31-A89D16DCD52C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check, aka CID-c444eb564fb1."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un problema en la funci\u00f3n __split_huge_pmd en el archivo mm/huge_memory.c en el kernel de Linux versiones anteriores a 5.7.5. La implementaci\u00f3n copy-on-write puede otorgar acceso de escritura no previsto debido a una condici\u00f3n de carrera en una comprobaci\u00f3n de conteo de mapas THP, tambi\u00e9n se conoce como CID-c444eb564fb1"
    }
  ],
  "id": "CVE-2020-29368",
  "lastModified": "2024-11-21T05:23:55.457",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.9,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.0,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.0,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-11-28T07:15:11.460",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=2045"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.5"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c444eb564fb16645c172d550359cb3d75fe8a040"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20210108-0002/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=2045"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c444eb564fb16645c172d550359cb3d75fe8a040"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20210108-0002/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-362"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-01-31 18:29
Modified
2024-11-21 04:45
Summary
In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "52D09A55-B853-43B5-8397-E2AC6CD0EBBC",
              "versionEndIncluding": "7.9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:winscp:winscp:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D0A98E2-B715-4EF5-9CF8-07500E119271",
              "versionEndIncluding": "5.13",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:ontap_select_deploy:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E968916-8CE0-4165-851F-14E37ECEA948",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B7A6697-98CC-4E36-93DB-B7160F8399F9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:scalance_x204rna_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D3A0312-1249-4257-98F1-57E8959989C5",
              "versionEndExcluding": "3.2.7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:scalance_x204rna:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA8B483F-0FD2-49F8-A86A-672A6E007949",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:scalance_x204rna_eec_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC0C9671-47BB-43CB-8906-9BC2B86B3229",
              "versionEndExcluding": "3.2.7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:scalance_x204rna_eec:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C834C295-D600-44E8-9783-49A319084F5A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred."
    },
    {
      "lang": "es",
      "value": "En OpenSSH 7.9, debido a la aceptaci\u00f3n y la nuestra de salidas stderr arbitrarias del servidor, un servidor malicioso (o atacante Man-in-the-Middle) puede manipular la salida del cliente, por ejemplo, para emplear c\u00f3digos de control de ANSI para ocultar los archivos adicionales que se est\u00e1n transfiriendo."
    }
  ],
  "id": "CVE-2019-6110",
  "lastModified": "2024-11-21T04:45:57.737",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-01-31T18:29:00.807",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes"
      ],
      "url": "https://cvsweb.openbsd.org/src/usr.bin/ssh/progressmeter.c"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes"
      ],
      "url": "https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201903-16"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20190213-0001/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/46193/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes"
      ],
      "url": "https://cvsweb.openbsd.org/src/usr.bin/ssh/progressmeter.c"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes"
      ],
      "url": "https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201903-16"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20190213-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/46193/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-838"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-10-19 17:29
Modified
2024-11-21 03:06
Summary
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
secalert_us@oracle.comhttp://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlPatch, Vendor Advisory
secalert_us@oracle.comhttp://www.securityfocus.com/bid/101355Broken Link
secalert_us@oracle.comhttp://www.securitytracker.com/id/1039596Broken Link
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:2998Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:2999Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3046Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3047Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3264Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3267Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3268Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3392Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3453Third Party Advisory
secalert_us@oracle.comhttps://lists.debian.org/debian-lts-announce/2017/11/msg00033.htmlMailing List, Third Party Advisory
secalert_us@oracle.comhttps://security.gentoo.org/glsa/201710-31Third Party Advisory
secalert_us@oracle.comhttps://security.gentoo.org/glsa/201711-14Third Party Advisory
secalert_us@oracle.comhttps://security.netapp.com/advisory/ntap-20171019-0001/Third Party Advisory
secalert_us@oracle.comhttps://www.debian.org/security/2017/dsa-4015Third Party Advisory
secalert_us@oracle.comhttps://www.debian.org/security/2017/dsa-4048Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/101355Broken Link
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1039596Broken Link
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2998Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2999Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3046Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3047Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3264Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3267Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3268Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3392Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3453Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2017/11/msg00033.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201710-31Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201711-14Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20171019-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2017/dsa-4015Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2017/dsa-4048Third Party Advisory
Impacted products
Vendor Product Version
oracle jdk 1.6.0
oracle jdk 1.7.0
oracle jdk 1.8.0
oracle jdk 1.9.0
oracle jre 1.6.0
oracle jre 1.7.0
oracle jre 1.8.0
oracle jre 1.9.0
redhat satellite 5.8
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_eus 7.4
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_server_tus 7.4
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_workstation 7.0
netapp active_iq_unified_manager *
netapp active_iq_unified_manager *
netapp cloud_backup -
netapp e-series_santricity_management_plug-ins -
netapp e-series_santricity_os_controller *
netapp e-series_santricity_storage_manager -
netapp e-series_santricity_web_services -
netapp element_software -
netapp oncommand_balance -
netapp oncommand_insight -
netapp oncommand_performance_manager -
netapp oncommand_shift -
netapp oncommand_unified_manager *
netapp oncommand_unified_manager *
netapp oncommand_unified_manager -
netapp oncommand_workflow_automation -
netapp plug-in_for_symantec_netbackup -
netapp snapmanager -
netapp snapmanager -
netapp steelstore_cloud_integrated_storage -
netapp storage_replication_adapter_for_clustered_data_ontap *
netapp storage_replication_adapter_for_clustered_data_ontap *
netapp vasa_provider_for_clustered_data_ontap *
netapp vasa_provider_for_clustered_data_ontap 6.0
netapp virtual_storage_console *
netapp virtual_storage_console 6.0
debian debian_linux 7.0
debian debian_linux 8.0
debian debian_linux 9.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update161:*:*:*:*:*:*",
              "matchCriteriaId": "7037AEF9-403D-43EC-ABBB-B46619241586",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update151:*:*:*:*:*:*",
              "matchCriteriaId": "B781F1F7-DE18-41F7-83C1-8690B0884DDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update144:*:*:*:*:*:*",
              "matchCriteriaId": "6D36F2A6-1329-4D74-BADC-C22D46CF7CFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "270968EC-7662-41E1-BA9B-D259BEC53A1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update161:*:*:*:*:*:*",
              "matchCriteriaId": "D53D6C3C-C8F3-4FF4-AE9C-1BFF14E74EDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update151:*:*:*:*:*:*",
              "matchCriteriaId": "71219100-B476-4062-A40A-13F1B8C7DAED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update144:*:*:*:*:*:*",
              "matchCriteriaId": "FCC055BA-0D21-4D2B-AC9B-B81B8468860C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "66910F84-DDFD-4BA8-BE7F-44EB5E3F9C3D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4F86C3C-B99C-44C6-97D7-163DC3F59687",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5F7E11E-FB34-4467-8919-2B6BEAABF665",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62",
              "versionStartIncluding": "7.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB",
              "versionStartIncluding": "9.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_management_plug-ins:-:*:*:*:*:vmware_vcenter:*:*",
              "matchCriteriaId": "280520BC-070C-4423-A633-E6FE45E53D57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "73F81EC3-4AB0-4CD7-B845-267C5974DE98",
              "versionEndIncluding": "11.70.1",
              "versionStartIncluding": "11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
              "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "698C6261-679D-45C1-A396-57AC96AD64D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BD81527-A341-42C3-9AB9-880D3DB04B08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*",
              "matchCriteriaId": "E32A4C2E-3DA6-4BE5-9D95-9F800B01ED9A",
              "versionEndIncluding": "7.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "1A79A7B7-2CE9-4F5E-B76D-01A882C66226",
              "versionEndIncluding": "7.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*",
              "matchCriteriaId": "3FA5E22C-489B-4C5F-A5F3-C03F45CA8811",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*",
              "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
              "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "6BF60DAD-DAA2-4543-B82E-8E17F7B1DA06",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "1E35D95E-CCBF-4335-A4DB-02218BA172DE",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "13270F58-E106-48CE-9933-E68AABBBFC21",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "923F6B82-6A8B-4994-89F6-C430775D5234",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "B7B42CB6-3C14-4183-AFA8-C3682F8B54AB",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "2AA40F7F-504D-47A9-9778-EC4CE46EB8BF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en los componentes Java SE y Java SE Embedded de Oracle Java SE (subcomponente: Serialization). Las versiones compatibles que se han visto afectadas son Java SE: 6u161, 7u151, 8u144 y 9; Java SE Embedded: 8u144. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante sin autenticar que tenga acceso a red por m\u00faltiples protocolos comprometa la seguridad de Java SE y Java SE Embedded. Los ataques exitosos a esta vulnerabilidad pueden dar lugar a la capacidad no autorizada de provocar una denegaci\u00f3n de servicio parcial (DoS parcial) en Java SE y Java SE Embedded. Nota: Esta vulnerabilidad se aplica a implementaciones Java, normalmente en clientes que ejecutan aplicaciones Java Web Start en sandbox o applets Java en sandbox que cargan y ejecutan c\u00f3digo que no es de confianza (por ejemplo, c\u00f3digo proveniente de internet) y que conf\u00edan en la sandbox Java para protegerse. Esta vulnerabilidad no se aplica a implementaciones Java, normalmente en servidores, que solo cargan y ejecutan c\u00f3digo de confianza (por ejemplo, c\u00f3digo instalado por un administrador). CVSS 3.0 Base Score 5.3 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
    }
  ],
  "id": "CVE-2017-10357",
  "lastModified": "2024-11-21T03:06:00.423",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-10-19T17:29:04.467",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/bid/101355"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securitytracker.com/id/1039596"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2998"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2999"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3046"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3047"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3264"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3267"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3268"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3392"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3453"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201710-31"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201711-14"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20171019-0001/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2017/dsa-4015"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2017/dsa-4048"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/bid/101355"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securitytracker.com/id/1039596"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2998"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2999"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3046"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3047"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3264"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3267"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3268"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3392"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3453"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201710-31"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201711-14"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20171019-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2017/dsa-4015"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2017/dsa-4048"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-08-08 15:29
Modified
2024-11-21 03:05
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).
References
secalert_us@oracle.comhttp://www.debian.org/security/2017/dsa-3919Third Party Advisory
secalert_us@oracle.comhttp://www.debian.org/security/2017/dsa-3954Third Party Advisory
secalert_us@oracle.comhttp://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlPatch, Vendor Advisory
secalert_us@oracle.comhttp://www.securityfocus.com/bid/99839Broken Link
secalert_us@oracle.comhttp://www.securitytracker.com/id/1038931Broken Link
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:1789Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:1790Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:1791Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:1792Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:2424Third Party Advisory
secalert_us@oracle.comhttps://cert.vde.com/en-us/advisories/vde-2017-002Third Party Advisory
secalert_us@oracle.comhttps://security.gentoo.org/glsa/201709-22Third Party Advisory
secalert_us@oracle.comhttps://security.netapp.com/advisory/ntap-20170720-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2017/dsa-3919Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2017/dsa-3954Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/99839Broken Link
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1038931Broken Link
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1789Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1790Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1791Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1792Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2424Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://cert.vde.com/en-us/advisories/vde-2017-002Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201709-22Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20170720-0001/Third Party Advisory
Impacted products
Vendor Product Version
oracle jdk 1.6.0
oracle jdk 1.7.0
oracle jdk 1.8.0
oracle jre 1.6.0
oracle jre 1.7.0
oracle jre 1.8.0
oracle jrockit r28.3.14
debian debian_linux 8.0
debian debian_linux 9.0
phoenixcontact fl_mguard_dm *
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_eus 7.3
redhat enterprise_linux_eus 7.4
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_aus 7.3
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_server_tus 7.3
redhat enterprise_linux_server_tus 7.4
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_workstation 7.0
netapp active_iq_unified_manager *
netapp active_iq_unified_manager *
netapp cloud_backup -
netapp e-series_santricity_os_controller *
netapp e-series_santricity_storage_manager -
netapp element_software -
netapp oncommand_balance -
netapp oncommand_insight -
netapp oncommand_performance_manager -
netapp oncommand_shift -
netapp oncommand_unified_manager *
netapp oncommand_unified_manager *
netapp oncommand_unified_manager -
netapp plug-in_for_symantec_netbackup -
netapp snapmanager -
netapp snapmanager -
netapp steelstore_cloud_integrated_storage -
netapp storage_replication_adapter_for_clustered_data_ontap *
netapp storage_replication_adapter_for_clustered_data_ontap 9.6
netapp vasa_provider_for_clustered_data_ontap *
netapp vasa_provider_for_clustered_data_ontap 6.0
netapp virtual_storage_console *
netapp virtual_storage_console 6.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update151:*:*:*:*:*:*",
              "matchCriteriaId": "A3322D72-6B56-467E-90E5-5DCE0FA1F431",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update141:*:*:*:*:*:*",
              "matchCriteriaId": "C4D0E043-D34F-446D-879B-692E3CF500C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update131:*:*:*:*:*:*",
              "matchCriteriaId": "106E9F69-857A-42F8-A727-2650C896D3B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update151:*:*:*:*:*:*",
              "matchCriteriaId": "673DD72C-4FC8-406A-A24A-B06DD709649C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update141:*:*:*:*:*:*",
              "matchCriteriaId": "363C8E7E-2EEA-4308-A141-854B9EC17AAB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update131:*:*:*:*:*:*",
              "matchCriteriaId": "595FC4B7-418E-457C-ADCC-0A49A676D629",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jrockit:r28.3.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B1FE26D-1936-475A-B644-BBB4281FB5C1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:phoenixcontact:fl_mguard_dm:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8556AADE-54E7-4D1B-A5AB-D37EF3B4962E",
              "versionEndIncluding": "1.8.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "807C024A-F8E8-4B48-A349-4C68CD252CA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5F7E11E-FB34-4467-8919-2B6BEAABF665",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62",
              "versionStartIncluding": "7.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB",
              "versionStartIncluding": "9.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "73F81EC3-4AB0-4CD7-B845-267C5974DE98",
              "versionEndIncluding": "11.70.1",
              "versionStartIncluding": "11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "212E1878-1B9A-4CB4-A1CE-EAD60B867161",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BD81527-A341-42C3-9AB9-880D3DB04B08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*",
              "matchCriteriaId": "E32A4C2E-3DA6-4BE5-9D95-9F800B01ED9A",
              "versionEndIncluding": "7.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "1A79A7B7-2CE9-4F5E-B76D-01A882C66226",
              "versionEndIncluding": "7.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*",
              "matchCriteriaId": "3FA5E22C-489B-4C5F-A5F3-C03F45CA8811",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*",
              "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
              "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "1E35D95E-CCBF-4335-A4DB-02218BA172DE",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:9.6:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "B92F025C-D612-4A64-B138-E6B4B113B504",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "13270F58-E106-48CE-9933-E68AABBBFC21",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "923F6B82-6A8B-4994-89F6-C430775D5234",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "B7B42CB6-3C14-4183-AFA8-C3682F8B54AB",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "2AA40F7F-504D-47A9-9778-EC4CE46EB8BF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en los componentes Java SE, Java SE Embedded y JRockit de Oracle Java SE (subcomponente: JCE). Las versiones compatibles que se han visto afectadas son Java SE: 6u151, 7u141 y 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Una vulnerabilidad dif\u00edcilmente explotable permite que un atacante sin autenticar que tenga acceso a red por medio de m\u00faltiples protocolos comprometa la seguridad de Java SE, Java SE Embedded y JRockit. Los ataques exitosos a esta vulnerabilidad pueden resultar en un acceso no autorizado a datos de suma importancia o un acceso completo a todos los datos accesibles de Java SE, Java SE Embedded y JRockit. Nota: Esta vulnerabilidad puede ser explotada mediante aplicaciones Java Web Start en sandbox y applets Java en sandbox. Tambi\u00e9n puede ser explotada proporcionando datos a las API en los componentes especificados sin emplear aplicaciones Java Web Start o applets Java en sandbox, como a trav\u00e9s de un servicio web. CVSS 3.0 Base Score 5.9 (impactos en la confidencialidad). Vector CVSS: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)."
    }
  ],
  "id": "CVE-2017-10135",
  "lastModified": "2024-11-21T03:05:27.500",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-08-08T15:29:04.413",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-3919"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-3954"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/bid/99839"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securitytracker.com/id/1038931"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1789"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1790"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1791"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1792"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2424"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert.vde.com/en-us/advisories/vde-2017-002"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201709-22"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-3919"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-3954"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/bid/99839"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securitytracker.com/id/1038931"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1789"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1790"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1791"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1792"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2424"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert.vde.com/en-us/advisories/vde-2017-002"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201709-22"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-08-08 15:29
Modified
2024-11-21 03:05
Severity ?
Summary
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE: 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).
References
secalert_us@oracle.comhttp://www.debian.org/security/2017/dsa-4005Third Party Advisory
secalert_us@oracle.comhttp://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlPatch, Vendor Advisory
secalert_us@oracle.comhttp://www.securityfocus.com/bid/99662Broken Link
secalert_us@oracle.comhttp://www.securitytracker.com/id/1038931Broken Link
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:1790Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:1791Third Party Advisory
secalert_us@oracle.comhttps://security.gentoo.org/glsa/201709-22Third Party Advisory
secalert_us@oracle.comhttps://security.netapp.com/advisory/ntap-20170720-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2017/dsa-4005Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/99662Broken Link
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1038931Broken Link
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1790Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1791Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201709-22Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20170720-0001/Third Party Advisory



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update141:*:*:*:*:*:*",
              "matchCriteriaId": "C4D0E043-D34F-446D-879B-692E3CF500C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update131:*:*:*:*:*:*",
              "matchCriteriaId": "106E9F69-857A-42F8-A727-2650C896D3B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update141:*:*:*:*:*:*",
              "matchCriteriaId": "363C8E7E-2EEA-4308-A141-854B9EC17AAB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update131:*:*:*:*:*:*",
              "matchCriteriaId": "595FC4B7-418E-457C-ADCC-0A49A676D629",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62",
              "versionStartIncluding": "7.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB",
              "versionStartIncluding": "9.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "73F81EC3-4AB0-4CD7-B845-267C5974DE98",
              "versionEndIncluding": "11.70.1",
              "versionStartIncluding": "11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "698C6261-679D-45C1-A396-57AC96AD64D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BD81527-A341-42C3-9AB9-880D3DB04B08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*",
              "matchCriteriaId": "BB6FD3C7-7214-4E28-9A88-FBA91F2A4277",
              "versionStartIncluding": "7.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "A85C4E34-7F3B-4137-9D4C-9C80490B3409",
              "versionStartIncluding": "7.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*",
              "matchCriteriaId": "3FA5E22C-489B-4C5F-A5F3-C03F45CA8811",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*",
              "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
              "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "1E35D95E-CCBF-4335-A4DB-02218BA172DE",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:9.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4022E33-B50C-4B0D-8485-F9091B6E57E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "13270F58-E106-48CE-9933-E68AABBBFC21",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "923F6B82-6A8B-4994-89F6-C430775D5234",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "B7B42CB6-3C14-4183-AFA8-C3682F8B54AB",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "2AA40F7F-504D-47A9-9778-EC4CE46EB8BF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE: 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en el componente Java SE de Oracle Java SE (subcomponente: JavaFX). Las versiones compatibles que se han visto afectadas son JavaSE: 7u141 y 8u131. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante sin autenticar que tenga acceso a red por medio de m\u00faltiples protocolos comprometa la seguridad de Java SE. Para que los ataques tengan \u00e9xito, se necesita la participaci\u00f3n de otra persona diferente del atacante y, aunque la vulnerabilidad est\u00e1 presente en Java SE, los ataques podr\u00edan afectar seriamente a productos adicionales. Los ataques exitosos a esta vulnerabilidad pueden resultar en la toma de control de Java SE. Nota: Esta vulnerabilidad se aplica a implementaciones Java, normalmente en clientes que ejecutan aplicaciones Java Web Start en sandbox o applets Java en sandbox que cargan y ejecutan c\u00f3digo que no es de confianza (por ejemplo, c\u00f3digo proveniente de internet) y que conf\u00edan en la sandbox de Java para protegerse. Esta vulnerabilidad no se aplica a implementaciones Java, normalmente en servidores, que solo cargan y ejecutan c\u00f3digo de confianza (por ejemplo, c\u00f3digo instalado por un administrador). CVSS 3.0 Base Score 9.6 (impactos en la confidencialidad, integridad y disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)."
    }
  ],
  "id": "CVE-2017-10086",
  "lastModified": "2024-11-21T03:05:20.140",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.6,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 6.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-08-08T15:29:02.677",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-4005"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/bid/99662"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securitytracker.com/id/1038931"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1790"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1791"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201709-22"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-4005"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/bid/99662"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securitytracker.com/id/1038931"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1790"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1791"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201709-22"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-05-08 15:15
Modified
2024-11-21 04:55
Summary
There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptp_clock and cdev while resource deallocation. When a (high privileged) process allocates a ptp device file (like /dev/ptpX) and voluntarily goes to sleep. During this time if the underlying device is removed, it can cause an exploitable condition as the process wakes up to terminate and clean all attached files. The system crashes due to the cdev structure being invalid (as already freed) which is pointed to by the inode.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5835B8E0-83CB-4B09-A21A-3CB59AF41F62",
              "versionEndExcluding": "5.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "108A2215-50FB-4074-94CF-C130FA14566D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AFC73CE-ABB9-42D3-9A71-3F5BC5381E0E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "32F0B6C0-F930-480D-962B-3F4EFDCC13C7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "803BC414-B250-4E3A-A478-A3881340D6B8",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FEB3337-BFDE-462A-908B-176F92053CEC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "736AEAE9-782B-4F71-9893-DED53367E102",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h610c_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "89612649-BACF-4FAC-9BA4-324724FD93A6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h610c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3D9B255-C1AF-42D1-BF9B-13642FBDC080",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD7CFE0E-9D1E-4495-B302-89C3096FC0DF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F63A3FA7-AAED-4A9D-9FDE-6195302DA0F6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h615c_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5921A877-18BF-43FE-915C-D226E140ACFC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h615c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7296A1F2-D315-4FD5-8A73-65C480C855BE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptp_clock and cdev while resource deallocation. When a (high privileged) process allocates a ptp device file (like /dev/ptpX) and voluntarily goes to sleep. During this time if the underlying device is removed, it can cause an exploitable condition as the process wakes up to terminate and clean all attached files. The system crashes due to the cdev structure being invalid (as already freed) which is pointed to by the inode."
    },
    {
      "lang": "es",
      "value": "Se presenta un uso de la memoria previamente liberada en kernel versiones anteriores a 5.5, debido a una condici\u00f3n de carrera entre la liberaci\u00f3n de ptp_clock y cdev durante la desasignaci\u00f3n de recursos. Cuando un proceso (muy privilegiado) asigna un archivo de dispositivo ptp (como /dev/ptpX) y voluntariamente se va a dormir. Durante este tiempo, si el dispositivo subyacente es removido, puede causar una condici\u00f3n explotable a medida que el proceso se activa para terminar y limpiar todos los archivos adjuntos. El sistema se bloquea debido a que la estructura cdev no est\u00e1 siendo v\u00e1lida (ya que se ha liberado), lo cual se\u00f1ala el inode."
    }
  ],
  "id": "CVE-2020-10690",
  "lastModified": "2024-11-21T04:55:51.727",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.4,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.6,
        "impactScore": 5.9,
        "source": "secalert@redhat.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.5,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-05-08T15:15:11.880",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10690"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4419-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10690"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4419-1/"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-416"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-416"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-08-08 15:29
Modified
2024-11-21 03:05
Severity ?
Summary
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).
References
secalert_us@oracle.comhttp://www.debian.org/security/2017/dsa-3919Third Party Advisory
secalert_us@oracle.comhttp://www.debian.org/security/2017/dsa-3954Third Party Advisory
secalert_us@oracle.comhttp://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlPatch, Vendor Advisory
secalert_us@oracle.comhttp://www.securityfocus.com/bid/99670Broken Link
secalert_us@oracle.comhttp://www.securitytracker.com/id/1038931Broken Link
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:1789Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:1790Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:1791Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:1792Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:2424Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:2469Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:2481Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:2530Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3453Third Party Advisory
secalert_us@oracle.comhttps://security.gentoo.org/glsa/201709-22Third Party Advisory
secalert_us@oracle.comhttps://security.netapp.com/advisory/ntap-20170720-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2017/dsa-3919Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2017/dsa-3954Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/99670Broken Link
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1038931Broken Link
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1789Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1790Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1791Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1792Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2424Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2469Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2481Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2530Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3453Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201709-22Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20170720-0001/Third Party Advisory
Impacted products
Vendor Product Version
oracle jdk 1.6.0
oracle jdk 1.7.0
oracle jdk 1.8.0
oracle jre 1.6.0
oracle jre 1.7.0
oracle jre 1.8.0
debian debian_linux 8.0
debian debian_linux 9.0
redhat satellite 5.8
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_eus 7.3
redhat enterprise_linux_eus 7.4
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_aus 7.3
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_server_tus 7.3
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_workstation 7.0
netapp active_iq_unified_manager *
netapp active_iq_unified_manager *
netapp cloud_backup -
netapp e-series_santricity_os_controller *
netapp e-series_santricity_storage_manager -
netapp element_software -
netapp oncommand_balance -
netapp oncommand_insight -
netapp oncommand_performance_manager -
netapp oncommand_shift -
netapp oncommand_unified_manager *
netapp oncommand_unified_manager *
netapp oncommand_unified_manager -
netapp plug-in_for_symantec_netbackup -
netapp snapmanager -
netapp snapmanager -
netapp steelstore_cloud_integrated_storage -
netapp storage_replication_adapter_for_clustered_data_ontap *
netapp vasa_provider_for_clustered_data_ontap *
netapp vasa_provider_for_clustered_data_ontap 6.0
netapp virtual_storage_console *
netapp virtual_storage_console 6.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update151:*:*:*:*:*:*",
              "matchCriteriaId": "A3322D72-6B56-467E-90E5-5DCE0FA1F431",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update141:*:*:*:*:*:*",
              "matchCriteriaId": "C4D0E043-D34F-446D-879B-692E3CF500C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update131:*:*:*:*:*:*",
              "matchCriteriaId": "106E9F69-857A-42F8-A727-2650C896D3B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update151:*:*:*:*:*:*",
              "matchCriteriaId": "673DD72C-4FC8-406A-A24A-B06DD709649C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update141:*:*:*:*:*:*",
              "matchCriteriaId": "363C8E7E-2EEA-4308-A141-854B9EC17AAB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update131:*:*:*:*:*:*",
              "matchCriteriaId": "595FC4B7-418E-457C-ADCC-0A49A676D629",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4F86C3C-B99C-44C6-97D7-163DC3F59687",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "807C024A-F8E8-4B48-A349-4C68CD252CA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62",
              "versionStartIncluding": "7.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB",
              "versionStartIncluding": "9.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "73F81EC3-4AB0-4CD7-B845-267C5974DE98",
              "versionEndIncluding": "11.70.1",
              "versionStartIncluding": "11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "698C6261-679D-45C1-A396-57AC96AD64D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BD81527-A341-42C3-9AB9-880D3DB04B08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*",
              "matchCriteriaId": "E32A4C2E-3DA6-4BE5-9D95-9F800B01ED9A",
              "versionEndIncluding": "7.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "1A79A7B7-2CE9-4F5E-B76D-01A882C66226",
              "versionEndIncluding": "7.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*",
              "matchCriteriaId": "3FA5E22C-489B-4C5F-A5F3-C03F45CA8811",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*",
              "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
              "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "1E35D95E-CCBF-4335-A4DB-02218BA172DE",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "13270F58-E106-48CE-9933-E68AABBBFC21",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "923F6B82-6A8B-4994-89F6-C430775D5234",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "B7B42CB6-3C14-4183-AFA8-C3682F8B54AB",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "2AA40F7F-504D-47A9-9778-EC4CE46EB8BF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en los componentes Java SE y Java SE Embedded de Oracle Java SE (subcomponente: JAXP). Las versiones compatibles que se han visto afectadas son JavaSE: 6u151, 7u141 y 8u131; Java SE Embedded: 8u131. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante sin autenticar que tenga acceso a red por medio de m\u00faltiples protocolos comprometa la seguridad de Java SE y Java SE Embedded. Para que los ataques tengan \u00e9xito, se necesita la participaci\u00f3n de otra persona diferente del atacante y, aunque la vulnerabilidad est\u00e1 presente en Java SE y Java SE Embedded, los ataques podr\u00edan afectar seriamente a productos adicionales. Los ataques exitosos a esta vulnerabilidad pueden resultar en la toma de control de Java SE y Java SE Embedded. Nota: Esta vulnerabilidad se aplica a implementaciones Java, normalmente en clientes que ejecutan aplicaciones Java Web Start en sandbox o applets Java en sandbox que cargan y ejecutan c\u00f3digo que no es de confianza (por ejemplo, c\u00f3digo proveniente de internet) y que conf\u00edan en la sandbox de Java para protegerse. Esta vulnerabilidad no se aplica a implementaciones Java, normalmente en servidores, que solo cargan y ejecutan c\u00f3digo de confianza (por ejemplo, c\u00f3digo instalado por un administrador). CVSS 3.0 Base Score 9.6 (impactos en la confidencialidad, integridad y disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)."
    }
  ],
  "id": "CVE-2017-10096",
  "lastModified": "2024-11-21T03:05:21.617",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.6,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 6.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-08-08T15:29:03.100",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-3919"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-3954"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/bid/99670"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securitytracker.com/id/1038931"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1789"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1790"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1791"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1792"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2424"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2469"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2481"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2530"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3453"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201709-22"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-3919"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-3954"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/bid/99670"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securitytracker.com/id/1038931"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1789"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1790"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1791"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1792"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2424"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2469"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2481"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2530"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3453"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201709-22"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-10-29 13:29
Modified
2024-11-21 03:38
Summary
The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1).
References
openssl-security@openssl.orghttp://www.securityfocus.com/bid/105750Third Party Advisory, VDB Entry
openssl-security@openssl.orghttp://www.securitytracker.com/id/1041986Third Party Advisory, VDB Entry
openssl-security@openssl.orghttps://access.redhat.com/errata/RHSA-2019:3700Third Party Advisory
openssl-security@openssl.orghttps://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=56fb454d281a023b3f950d969693553d3f3ceea1
openssl-security@openssl.orghttps://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=b1d6d55ece1c26fa2829e2b819b038d7b6d692b4
openssl-security@openssl.orghttps://lists.debian.org/debian-lts-announce/2018/11/msg00024.htmlMailing List, Third Party Advisory
openssl-security@openssl.orghttps://nodejs.org/en/blog/vulnerability/november-2018-security-releases/Third Party Advisory
openssl-security@openssl.orghttps://security.netapp.com/advisory/ntap-20181105-0002/Third Party Advisory
openssl-security@openssl.orghttps://usn.ubuntu.com/3840-1/Third Party Advisory
openssl-security@openssl.orghttps://www.debian.org/security/2018/dsa-4348Third Party Advisory
openssl-security@openssl.orghttps://www.openssl.org/news/secadv/20181029.txtVendor Advisory
openssl-security@openssl.orghttps://www.oracle.com/security-alerts/cpujan2020.htmlThird Party Advisory
openssl-security@openssl.orghttps://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlPatch, Third Party Advisory
openssl-security@openssl.orghttps://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlPatch, Third Party Advisory
openssl-security@openssl.orghttps://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/105750Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1041986Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2019:3700Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=56fb454d281a023b3f950d969693553d3f3ceea1
af854a3a-2127-422b-91ae-364da2661108https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=b1d6d55ece1c26fa2829e2b819b038d7b6d692b4
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2018/11/msg00024.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20181105-0002/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3840-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2018/dsa-4348Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.openssl.org/news/secadv/20181029.txtVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2020.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlPatch, Third Party Advisory
Impacted products
Vendor Product Version
openssl openssl *
openssl openssl 1.1.1
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
canonical ubuntu_linux 18.04
canonical ubuntu_linux 18.10
debian debian_linux 8.0
debian debian_linux 9.0
nodejs node.js *
nodejs node.js *
nodejs node.js 10.13.0
netapp cn1610_firmware -
netapp cn1610 -
netapp cloud_backup -
netapp element_software -
netapp oncommand_unified_manager *
netapp oncommand_unified_manager *
netapp santricity_smi-s_provider -
netapp smi-s_provider -
netapp snapdrive -
netapp snapdrive -
netapp steelstore -
oracle api_gateway 11.1.2.4.0
oracle application_server 0.9.8
oracle application_server 1.0.0
oracle application_server 1.0.1
oracle enterprise_manager_base_platform 12.1.0.5.0
oracle enterprise_manager_base_platform 13.2.0.0.0
oracle enterprise_manager_base_platform 13.3.0.0.0
oracle enterprise_manager_ops_center 12.3.3
oracle mysql *
oracle mysql *
oracle mysql *
oracle peoplesoft_enterprise_peopletools 8.55
oracle peoplesoft_enterprise_peopletools 8.56
oracle peoplesoft_enterprise_peopletools 8.57
oracle primavera_p6_enterprise_project_portfolio_management *
oracle primavera_p6_enterprise_project_portfolio_management 8.4
oracle primavera_p6_enterprise_project_portfolio_management 15.1
oracle primavera_p6_enterprise_project_portfolio_management 15.2
oracle primavera_p6_enterprise_project_portfolio_management 16.1
oracle primavera_p6_enterprise_project_portfolio_management 16.2
oracle primavera_p6_enterprise_project_portfolio_management 18.8
oracle secure_global_desktop 5.4
oracle tuxedo 12.1.1.0.0
oracle vm_virtualbox *
oracle vm_virtualbox *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5953EAB1-D0E8-48EA-B07D-3B828E6BB326",
              "versionEndIncluding": "1.1.0i",
              "versionStartIncluding": "1.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F69F3542-173D-4E0D-99BB-42FDD206D996",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
              "matchCriteriaId": "5725F854-27B7-4BC1-8DCA-FAC0B4E41139",
              "versionEndExcluding": "10.12.0",
              "versionStartIncluding": "10.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
              "matchCriteriaId": "4E62EA78-C705-4AC9-9C0B-3C9114087C37",
              "versionEndExcluding": "11.3.0",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:10.13.0:*:*:*:lts:*:*:*",
              "matchCriteriaId": "541EAE2B-5446-46CE-BC91-13188EAD6092",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:cn1610_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB30733E-68FC-49C4-86C0-7FEE75C366BF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:cn1610:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6361DAC6-600F-4B15-8797-D67F298F46FB",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBF1DFDA-FB66-4CEA-A658-B167326D1D96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*",
              "matchCriteriaId": "7E49ACFC-FD48-4ED7-86E8-68B5B753852C",
              "versionStartIncluding": "9.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_smi-s_provider:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "361B791A-D336-4431-8F68-8135BEFFAEA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:smi-s_provider:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BB0FDCF-3750-44C6-AC5C-0CC2AAD14093",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:unix:*:*",
              "matchCriteriaId": "61D7EF01-F618-497F-9375-8003CEA3D380",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:windows:*:*",
              "matchCriteriaId": "BEDE62C6-D571-4AF8-B85E-CBBCE4AF98B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:steelstore:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0DF5449D-22D2-48B4-8F50-57B43DCB15B9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5553591-073B-45E3-999F-21B8BA2EEE22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:application_server:0.9.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD941CDF-8486-43F7-9D98-2B8785B1B139",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:application_server:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDE18990-1FC9-4624-971B-2E87BF0871AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:application_server:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "17C29F2D-CBE6-4E22-98AE-787E939ED161",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "98F3E643-4B65-4668-BB11-C61ED54D5A53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "459B4A5F-A6BD-4A1C-B6B7-C979F005EB70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDCE0E90-495E-4437-8529-3C36441FB69D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB654DFA-FEF9-4D00-ADB0-F3F2B6ACF13E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "65B4E766-8D75-48A9-8267-6EE1407B949D",
              "versionEndIncluding": "5.6.42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F17AD8D0-6D79-4E7D-9CD6-9B130A529C5D",
              "versionEndIncluding": "5.7.24",
              "versionStartIncluding": "5.7.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C743C44C-2E97-4E5E-8C76-FC0E666BA115",
              "versionEndIncluding": "8.0.13",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*",
              "matchCriteriaId": "45CB30A1-B2C9-4BF5-B510-1F2F18B60C64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0A735B4-4F3C-416B-8C08-9CB21BAD2889",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E1E416B-920B-49A0-9523-382898C2979D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A1E1023-2EB9-4334-9B74-CA71480F71C2",
              "versionEndIncluding": "17.12",
              "versionStartIncluding": "17.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "84BF6794-2CE6-407F-B8E0-81871AB7B40B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "93A4E178-0082-45C5-BBC0-0A4E51C8B1DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F021C23-AB9B-4877-833F-D01359A98762",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F8ED016-32A1-42EE-844E-3E6B2C116B74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A046CC2C-445F-4336-8810-930570B4FEC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:18.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "0745445C-EC43-4091-BA7C-5105AFCC6F1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:secure_global_desktop:5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5265C91-FF5C-4451-A7C2-D388A65ACFA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:tuxedo:12.1.1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "92A6A7BA-CCE6-426F-8434-7A578A245180",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B52550D1-38F6-4AAC-BE68-487F7D6DB2D8",
              "versionEndExcluding": "6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3F69D90-6F4D-4D09-8F60-E36072303E32",
              "versionEndExcluding": "5.2.24",
              "versionStartIncluding": "5.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1)."
    },
    {
      "lang": "es",
      "value": "Se ha demostrado que el algoritmo de firmas ECDSA en OpenSSL es vulnerable a un ataque de sincronizaci\u00f3n de canal lateral. Un atacante podr\u00eda emplear variaciones en el algoritmo de firma para recuperar la clave privada. Se ha solucionado en OpenSSL 1.1.0j (afecta a 1.1.0-1.1.0i). Se ha solucionado en OpenSSL 1.1.1a (afecta a 1.1.1)."
    }
  ],
  "id": "CVE-2018-0735",
  "lastModified": "2024-11-21T03:38:50.413",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-10-29T13:29:00.263",
  "references": [
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/105750"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1041986"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:3700"
    },
    {
      "source": "openssl-security@openssl.org",
      "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=56fb454d281a023b3f950d969693553d3f3ceea1"
    },
    {
      "source": "openssl-security@openssl.org",
      "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=b1d6d55ece1c26fa2829e2b819b038d7b6d692b4"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20181105-0002/"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3840-1/"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4348"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.openssl.org/news/secadv/20181029.txt"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/105750"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1041986"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:3700"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=56fb454d281a023b3f950d969693553d3f3ceea1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=b1d6d55ece1c26fa2829e2b819b038d7b6d692b4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20181105-0002/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3840-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4348"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.openssl.org/news/secadv/20181029.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
    }
  ],
  "sourceIdentifier": "openssl-security@openssl.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-327"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-05-09 21:15
Modified
2024-11-21 05:00
Summary
An issue was discovered in the Linux kernel through 5.6.11. btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails.
References
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2020-07/msg00071.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.htmlMailing List, Third Party Advisory
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2020/08/msg00019.htmlMailing List, Third Party Advisory
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2020/10/msg00032.htmlMailing List, Third Party Advisory
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2020/10/msg00034.htmlMailing List, Third Party Advisory
cve@mitre.orghttps://lkml.org/lkml/2020/4/26/87Exploit, Mailing List, Patch, Third Party Advisory
cve@mitre.orghttps://security.netapp.com/advisory/ntap-20200608-0001/Third Party Advisory
cve@mitre.orghttps://usn.ubuntu.com/4462-1/Third Party Advisory
cve@mitre.orghttps://usn.ubuntu.com/4463-1/Third Party Advisory
cve@mitre.orghttps://usn.ubuntu.com/4465-1/Third Party Advisory
cve@mitre.orghttps://usn.ubuntu.com/4483-1/Third Party Advisory
cve@mitre.orghttps://usn.ubuntu.com/4485-1/Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuApr2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00071.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2020/08/msg00019.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2020/10/msg00032.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2020/10/msg00034.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lkml.org/lkml/2020/4/26/87Exploit, Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20200608-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/4462-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/4463-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/4465-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/4483-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/4485-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuApr2021.htmlPatch, Third Party Advisory



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDB8BD32-CDED-49F6-9973-4CE2DC1F79A4",
              "versionEndIncluding": "5.6.11",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:hci_bootstrap_os:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C767AA1-88B7-48F0-9F31-A89D16DCD52C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:a700s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDD92BFA-9117-4E6E-A13F-ED064B4B7284",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:a700s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B7DA42F-5D64-4967-A2D4-6210FE507841",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "108A2215-50FB-4074-94CF-C130FA14566D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AFC73CE-ABB9-42D3-9A71-3F5BC5381E0E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "32F0B6C0-F930-480D-962B-3F4EFDCC13C7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "803BC414-B250-4E3A-A478-A3881340D6B8",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FEB3337-BFDE-462A-908B-176F92053CEC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "736AEAE9-782B-4F71-9893-DED53367E102",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h610c_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "89612649-BACF-4FAC-9BA4-324724FD93A6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h610c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3D9B255-C1AF-42D1-BF9B-13642FBDC080",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD7CFE0E-9D1E-4495-B302-89C3096FC0DF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F63A3FA7-AAED-4A9D-9FDE-6195302DA0F6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h615c_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5921A877-18BF-43FE-915C-D226E140ACFC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h615c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7296A1F2-D315-4FD5-8A73-65C480C855BE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:sd-wan_edge:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "78C99571-0F3C-43E6-84B3-7D80E045EF8E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in the Linux kernel through 5.6.11. btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un problema en el kernel de Linux versiones hasta 5.6.11. La funci\u00f3n btree_gc_coalesce en el archivo drivers/md/bcache/btree.c, presenta un punto muerto si se produce un fallo de la operaci\u00f3n de coalescencia."
    }
  ],
  "id": "CVE-2020-12771",
  "lastModified": "2024-11-21T05:00:15.450",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 4.9,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-05-09T21:15:11.210",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00071.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00019.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://lkml.org/lkml/2020/4/26/87"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4462-1/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4463-1/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4465-1/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4483-1/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4485-1/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00071.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00019.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://lkml.org/lkml/2020/4/26/87"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4462-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4463-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4465-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4483-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4485-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-667"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-08-08 15:29
Modified
2024-11-21 03:05
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
secalert_us@oracle.comhttp://www.debian.org/security/2017/dsa-3919Third Party Advisory
secalert_us@oracle.comhttp://www.debian.org/security/2017/dsa-3954Third Party Advisory
secalert_us@oracle.comhttp://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlPatch, Vendor Advisory
secalert_us@oracle.comhttp://www.securityfocus.com/bid/99847Broken Link
secalert_us@oracle.comhttp://www.securitytracker.com/id/1038931Broken Link
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:1789Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:1790Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:1791Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:1792Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:2424Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:2469Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:2481Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:2530Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3453Third Party Advisory
secalert_us@oracle.comhttps://security.gentoo.org/glsa/201709-22Third Party Advisory
secalert_us@oracle.comhttps://security.netapp.com/advisory/ntap-20170720-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2017/dsa-3919Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2017/dsa-3954Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/99847Broken Link
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1038931Broken Link
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1789Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1790Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1791Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1792Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2424Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2469Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2481Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2530Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3453Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201709-22Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20170720-0001/Third Party Advisory
Impacted products
Vendor Product Version
oracle jdk 1.6.0
oracle jdk 1.7.0
oracle jdk 1.8.0
oracle jre 1.6.0
oracle jre 1.7.0
oracle jre 1.8.0
oracle jrockit r28.3.14
debian debian_linux 8.0
debian debian_linux 9.0
redhat satellite 5.8
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_eus 7.3
redhat enterprise_linux_eus 7.4
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_aus 7.3
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_server_tus 7.3
redhat enterprise_linux_server_tus 7.4
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_workstation 7.0
netapp active_iq_unified_manager *
netapp active_iq_unified_manager *
netapp cloud_backup -
netapp e-series_santricity_os_controller *
netapp e-series_santricity_storage_manager -
netapp element_software -
netapp oncommand_balance -
netapp oncommand_insight -
netapp oncommand_performance_manager -
netapp oncommand_shift -
netapp oncommand_unified_manager *
netapp oncommand_unified_manager *
netapp oncommand_unified_manager -
netapp plug-in_for_symantec_netbackup -
netapp snapmanager -
netapp snapmanager -
netapp steelstore_cloud_integrated_storage -
netapp storage_replication_adapter_for_clustered_data_ontap *
netapp storage_replication_adapter_for_clustered_data_ontap 9.6
netapp vasa_provider_for_clustered_data_ontap *
netapp vasa_provider_for_clustered_data_ontap 6.0
netapp virtual_storage_console *
netapp virtual_storage_console 6.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update151:*:*:*:*:*:*",
              "matchCriteriaId": "A3322D72-6B56-467E-90E5-5DCE0FA1F431",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update141:*:*:*:*:*:*",
              "matchCriteriaId": "C4D0E043-D34F-446D-879B-692E3CF500C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update131:*:*:*:*:*:*",
              "matchCriteriaId": "106E9F69-857A-42F8-A727-2650C896D3B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update151:*:*:*:*:*:*",
              "matchCriteriaId": "673DD72C-4FC8-406A-A24A-B06DD709649C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update141:*:*:*:*:*:*",
              "matchCriteriaId": "363C8E7E-2EEA-4308-A141-854B9EC17AAB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update131:*:*:*:*:*:*",
              "matchCriteriaId": "595FC4B7-418E-457C-ADCC-0A49A676D629",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jrockit:r28.3.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B1FE26D-1936-475A-B644-BBB4281FB5C1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4F86C3C-B99C-44C6-97D7-163DC3F59687",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "807C024A-F8E8-4B48-A349-4C68CD252CA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5F7E11E-FB34-4467-8919-2B6BEAABF665",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62",
              "versionStartIncluding": "7.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB",
              "versionStartIncluding": "9.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "73F81EC3-4AB0-4CD7-B845-267C5974DE98",
              "versionEndIncluding": "11.70.1",
              "versionStartIncluding": "11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "698C6261-679D-45C1-A396-57AC96AD64D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BD81527-A341-42C3-9AB9-880D3DB04B08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*",
              "matchCriteriaId": "E32A4C2E-3DA6-4BE5-9D95-9F800B01ED9A",
              "versionEndIncluding": "7.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "1A79A7B7-2CE9-4F5E-B76D-01A882C66226",
              "versionEndIncluding": "7.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*",
              "matchCriteriaId": "3FA5E22C-489B-4C5F-A5F3-C03F45CA8811",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*",
              "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
              "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "1E35D95E-CCBF-4335-A4DB-02218BA172DE",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:9.6:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "B92F025C-D612-4A64-B138-E6B4B113B504",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "13270F58-E106-48CE-9933-E68AABBBFC21",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "923F6B82-6A8B-4994-89F6-C430775D5234",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "B7B42CB6-3C14-4183-AFA8-C3682F8B54AB",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "2AA40F7F-504D-47A9-9778-EC4CE46EB8BF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en los componentes Java SE, Java SE Embedded y JRockit de Oracle Java SE (subcomponente: Serialization). Las versiones compatibles que se han visto afectadas son JavaSE: 6u151, 7u141 y 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante sin autenticar que tenga acceso a red por medio de m\u00faltiples protocolos comprometa la seguridad de Java SE, Java SE Embedded y JRockit. Los ataques exitosos de esta vulnerabilidad pueden dar lugar a que el atacante consiga provocar una denegaci\u00f3n de servicio parcial (DoS parcial) de Java SE, Java SE Embedded y JRockit. Nota: Esta vulnerabilidad se aplica a implementaciones Java, normalmente en clientes que ejecutan aplicaciones Java Web Start en sandbox o applets Java en sandbox que cargan y ejecutan c\u00f3digo que no es de confianza (por ejemplo, c\u00f3digo proveniente de internet) y que conf\u00edan en la sandbox de Java para protegerse. Esta vulnerabilidad no se aplica a implementaciones Java, normalmente en servidores, que solo cargan y ejecutan c\u00f3digo de confianza (por ejemplo, c\u00f3digo instalado por un administrador). CVSS 3.0 Base Score 5.3 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
    }
  ],
  "id": "CVE-2017-10109",
  "lastModified": "2024-11-21T03:05:23.753",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-08-08T15:29:03.587",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-3919"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-3954"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/bid/99847"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securitytracker.com/id/1038931"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1789"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1790"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1791"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1792"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2424"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2469"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2481"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2530"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3453"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201709-22"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-3919"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-3954"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/bid/99847"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securitytracker.com/id/1038931"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1789"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1790"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1791"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1792"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2424"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2469"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2481"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2530"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3453"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201709-22"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-08-07 04:15
Modified
2024-11-21 06:16
Summary
In drivers/char/virtio_console.c in the Linux kernel before 5.13.4, data corruption or loss can be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size. NOTE: the vendor indicates that the cited data corruption is not a vulnerability in any existing use case; the length validation was added solely for robustness in the face of anomalous host OS behavior
References
cve@mitre.orghttps://access.redhat.com/security/cve/cve-2021-38160Third Party Advisory
cve@mitre.orghttps://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4Release Notes, Vendor Advisory
cve@mitre.orghttps://github.com/torvalds/linux/commit/d00d8da5869a2608e97cfede094dfc5e11462a46Patch, Third Party Advisory
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2021/10/msg00010.htmlThird Party Advisory
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2021/12/msg00012.htmlMailing List, Third Party Advisory
cve@mitre.orghttps://security.netapp.com/advisory/ntap-20210902-0010/Third Party Advisory
cve@mitre.orghttps://www.debian.org/security/2021/dsa-4978Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/security/cve/cve-2021-38160Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/torvalds/linux/commit/d00d8da5869a2608e97cfede094dfc5e11462a46Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2021/10/msg00010.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2021/12/msg00012.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20210902-0010/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2021/dsa-4978Third Party Advisory



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1DAFBDE6-EDBA-4AB8-9AF9-6359EB1CE1A0",
              "versionEndExcluding": "4.4.276",
              "versionStartIncluding": "2.6.24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C79FFC06-9530-4CD7-B651-01D786CC925E",
              "versionEndExcluding": "4.9.276",
              "versionStartIncluding": "4.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB359B2E-773D-4D52-9915-E07A47ABE72B",
              "versionEndExcluding": "4.14.240",
              "versionStartIncluding": "4.10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B93AEDB9-C52B-4222-8F9A-882DAD9EF5B2",
              "versionEndExcluding": "4.19.198",
              "versionStartIncluding": "4.15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "508D9771-335F-44A6-9F2F-880DF1267A1F",
              "versionEndExcluding": "5.4.134",
              "versionStartIncluding": "4.20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C1E6FB6-53C8-4DC4-8AE5-93094BA39F62",
              "versionEndExcluding": "5.10.52",
              "versionStartIncluding": "5.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "34C1A2F4-DD44-4CF1-8FD4-751A0D746A9E",
              "versionEndExcluding": "5.12.19",
              "versionStartIncluding": "5.11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F93FA3CC-0C79-410B-A7D7-245C2AA0723A",
              "versionEndExcluding": "5.13.4",
              "versionStartIncluding": "5.13",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:hci_bootstrap_os:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C767AA1-88B7-48F0-9F31-A89D16DCD52C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "02DEB4FB-A21D-4CB1-B522-EEE5093E8521",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [
    {
      "sourceIdentifier": "cve@mitre.org",
      "tags": [
        "disputed"
      ]
    }
  ],
  "descriptions": [
    {
      "lang": "en",
      "value": "In drivers/char/virtio_console.c in the Linux kernel before 5.13.4, data corruption or loss can be triggered by an untrusted device that supplies a buf-\u003elen value exceeding the buffer size. NOTE: the vendor indicates that the cited data corruption is not a vulnerability in any existing use case; the length validation was added solely for robustness in the face of anomalous host OS behavior"
    },
    {
      "lang": "es",
      "value": "** EN DISPUTA ** En el archivo drivers/char/virtio_console.c en el kernel de Linux versiones anteriores a 5.13.4, la corrupci\u00f3n o p\u00e9rdida de datos puede ser desencadenada por un dispositivo no fiable que suministre un valor buf-)len excediendo el tama\u00f1o del buffer. NOTA: El proveedor indica que la citada corrupci\u00f3n de datos no es una vulnerabilidad en ning\u00fan caso de uso existente; la validaci\u00f3n de la longitud se a\u00f1adi\u00f3 \u00fanicamente para la robustez frente a un comportamiento an\u00f3malo del sistema operativo anfitri\u00f3n."
    }
  ],
  "id": "CVE-2021-38160",
  "lastModified": "2024-11-21T06:16:31.280",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-08-07T04:15:06.967",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/security/cve/cve-2021-38160"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/torvalds/linux/commit/d00d8da5869a2608e97cfede094dfc5e11462a46"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20210902-0010/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2021/dsa-4978"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/security/cve/cve-2021-38160"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/torvalds/linux/commit/d00d8da5869a2608e97cfede094dfc5e11462a46"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20210902-0010/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2021/dsa-4978"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-120"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-05-09 21:15
Modified
2024-11-21 05:00
Summary
An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040.
References
cve@mitre.orghttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=83c6f2390040f188cc25b270b4befeb5628c1aeeMailing List, Patch
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2020/06/msg00011.htmlMailing List, Third Party Advisory
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2020/06/msg00012.htmlMailing List, Third Party Advisory
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2020/06/msg00013.htmlMailing List, Third Party Advisory
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ES5C6ZCMALBEBMKNNCTBSLLSYGFZG3FF/
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IO5XIQSRI747P4RVVTNX7TUPEOCF4OPU/
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R54VC7B6MDYKP57AWC2HN7AUJYH62RKI/
cve@mitre.orghttps://lkml.org/lkml/2020/4/13/870Mailing List, Patch, Third Party Advisory
cve@mitre.orghttps://security.netapp.com/advisory/ntap-20200608-0001/Third Party Advisory
cve@mitre.orghttps://usn.ubuntu.com/4411-1/Third Party Advisory
cve@mitre.orghttps://usn.ubuntu.com/4412-1/Third Party Advisory
cve@mitre.orghttps://usn.ubuntu.com/4413-1/Third Party Advisory
cve@mitre.orghttps://usn.ubuntu.com/4414-1/Third Party Advisory
cve@mitre.orghttps://usn.ubuntu.com/4419-1/Third Party Advisory
cve@mitre.orghttps://www.debian.org/security/2020/dsa-4698Third Party Advisory
cve@mitre.orghttps://www.debian.org/security/2020/dsa-4699Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=83c6f2390040f188cc25b270b4befeb5628c1aeeMailing List, Patch
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2020/06/msg00011.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2020/06/msg00012.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2020/06/msg00013.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ES5C6ZCMALBEBMKNNCTBSLLSYGFZG3FF/
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IO5XIQSRI747P4RVVTNX7TUPEOCF4OPU/
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R54VC7B6MDYKP57AWC2HN7AUJYH62RKI/
af854a3a-2127-422b-91ae-364da2661108https://lkml.org/lkml/2020/4/13/870Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20200608-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/4411-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/4412-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/4413-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/4414-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/4419-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2020/dsa-4698Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2020/dsa-4699Third Party Advisory



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDB8BD32-CDED-49F6-9973-4CE2DC1F79A4",
              "versionEndIncluding": "5.6.11",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
              "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
              "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
              "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "95BA156C-C977-4F0C-8DFB-3FAE9CC8C02D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:a700s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDD92BFA-9117-4E6E-A13F-ED064B4B7284",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:a700s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B7DA42F-5D64-4967-A2D4-6210FE507841",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "108A2215-50FB-4074-94CF-C130FA14566D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AFC73CE-ABB9-42D3-9A71-3F5BC5381E0E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "32F0B6C0-F930-480D-962B-3F4EFDCC13C7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "803BC414-B250-4E3A-A478-A3881340D6B8",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FEB3337-BFDE-462A-908B-176F92053CEC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "736AEAE9-782B-4F71-9893-DED53367E102",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h610c_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "89612649-BACF-4FAC-9BA4-324724FD93A6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h610c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3D9B255-C1AF-42D1-BF9B-13642FBDC080",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD7CFE0E-9D1E-4495-B302-89C3096FC0DF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F63A3FA7-AAED-4A9D-9FDE-6195302DA0F6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h615c_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5921A877-18BF-43FE-915C-D226E140ACFC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h615c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7296A1F2-D315-4FD5-8A73-65C480C855BE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un problema en el kernel de Linux versiones hasta 5.6.11. La funci\u00f3n sg_write, carece de una llamada a sg_remove_request en un determinado caso de fallo, tambi\u00e9n se conoce como CID-83c6f2390040."
    }
  ],
  "id": "CVE-2020-12770",
  "lastModified": "2024-11-21T05:00:15.243",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-05-09T21:15:11.163",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Patch"
      ],
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=83c6f2390040f188cc25b270b4befeb5628c1aee"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ES5C6ZCMALBEBMKNNCTBSLLSYGFZG3FF/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IO5XIQSRI747P4RVVTNX7TUPEOCF4OPU/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R54VC7B6MDYKP57AWC2HN7AUJYH62RKI/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://lkml.org/lkml/2020/4/13/870"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4411-1/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4412-1/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4413-1/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4414-1/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4419-1/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4698"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4699"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch"
      ],
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=83c6f2390040f188cc25b270b4befeb5628c1aee"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ES5C6ZCMALBEBMKNNCTBSLLSYGFZG3FF/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IO5XIQSRI747P4RVVTNX7TUPEOCF4OPU/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R54VC7B6MDYKP57AWC2HN7AUJYH62RKI/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://lkml.org/lkml/2020/4/13/870"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4411-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4412-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4413-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4414-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4419-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4698"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4699"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-04-19 21:15
Modified
2024-11-21 06:44
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
Impacted products
Vendor Product Version
oracle graalvm 20.3.5
oracle graalvm 21.3.1
oracle graalvm 22.0.0.2
oracle jdk 7.0
oracle jdk 8.0
oracle jdk 11.0.14
oracle jdk 17.0.2
oracle jdk 18
netapp active_iq_unified_manager -
netapp active_iq_unified_manager -
netapp cloud_insights_acquisition_unit -
netapp cloud_secure_agent -
netapp e-series_santricity_os_controller *
netapp e-series_santricity_storage_manager -
netapp e-series_santricity_web_services -
netapp element_software -
netapp hci_management_node -
netapp oncommand_insight -
netapp santricity_unified_manager -
netapp solidfire -
netapp bootstrap_os -
netapp hci_compute_node -
debian debian_linux 9.0
debian debian_linux 10.0
debian debian_linux 11.0
azul zulu 7.52
azul zulu 8.60
azul zulu 11.54
azul zulu 13.46
azul zulu 15.38
azul zulu 17.32
oracle openjdk *
oracle openjdk *
oracle openjdk *
oracle openjdk *
oracle openjdk 7
oracle openjdk 7
oracle openjdk 7
oracle openjdk 7
oracle openjdk 7
oracle openjdk 7
oracle openjdk 7
oracle openjdk 7
oracle openjdk 7
oracle openjdk 7
oracle openjdk 7
oracle openjdk 7
oracle openjdk 7
oracle openjdk 7
oracle openjdk 7
oracle openjdk 7
oracle openjdk 7
oracle openjdk 7
oracle openjdk 7
oracle openjdk 7
oracle openjdk 7
oracle openjdk 7
oracle openjdk 7
oracle openjdk 7
oracle openjdk 7
oracle openjdk 7
oracle openjdk 7
oracle openjdk 7
oracle openjdk 7
oracle openjdk 7
oracle openjdk 7
oracle openjdk 7
oracle openjdk 7
oracle openjdk 7
oracle openjdk 7
oracle openjdk 7
oracle openjdk 7
oracle openjdk 7
oracle openjdk 7
oracle openjdk 7
oracle openjdk 7
oracle openjdk 7
oracle openjdk 7
oracle openjdk 7
oracle openjdk 7
oracle openjdk 7
oracle openjdk 7
oracle openjdk 7
oracle openjdk 7
oracle openjdk 7
oracle openjdk 7
oracle openjdk 7
oracle openjdk 7
oracle openjdk 7
oracle openjdk 7
oracle openjdk 8
oracle openjdk 8
oracle openjdk 8
oracle openjdk 8
oracle openjdk 8
oracle openjdk 8
oracle openjdk 8
oracle openjdk 8
oracle openjdk 8
oracle openjdk 8
oracle openjdk 8
oracle openjdk 8
oracle openjdk 8
oracle openjdk 8
oracle openjdk 8
oracle openjdk 8
oracle openjdk 8
oracle openjdk 8
oracle openjdk 8
oracle openjdk 8
oracle openjdk 8
oracle openjdk 8
oracle openjdk 8
oracle openjdk 8
oracle openjdk 8
oracle openjdk 8
oracle openjdk 8
oracle openjdk 8
oracle openjdk 8
oracle openjdk 8
oracle openjdk 8
oracle openjdk 8
oracle openjdk 8
oracle openjdk 8
oracle openjdk 8
oracle openjdk 8
oracle openjdk 8
oracle openjdk 8
oracle openjdk 8
oracle openjdk 8
oracle openjdk 8
oracle openjdk 8
oracle openjdk 8
oracle openjdk 8
oracle openjdk 8
oracle openjdk 8
oracle openjdk 8
oracle openjdk 8
oracle openjdk 8
oracle openjdk 8
oracle openjdk 8
oracle openjdk 8
oracle openjdk 8
oracle openjdk 8
oracle openjdk 8
oracle openjdk 8
oracle openjdk 8
oracle openjdk 8
oracle openjdk 8
oracle openjdk 8
oracle openjdk 8
oracle openjdk 8
oracle openjdk 8
oracle openjdk 8
oracle openjdk 18



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:graalvm:20.3.5:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "079F2588-2746-408B-9BB0-9A569289985B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:graalvm:21.3.1:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "51600424-E294-41E0-9C8B-12D0C3456027",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:graalvm:22.0.0.2:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "C3D12B98-032F-49A6-B237-E0CAD32D9A25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:7.0:update_331:*:*:*:*:*:*",
              "matchCriteriaId": "AC99AA10-93C5-4B27-A991-FD29496FDF1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:8.0:update_321:*:*:*:*:*:*",
              "matchCriteriaId": "C66D72B5-055F-45BD-AD02-C5E086AB5B63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:11.0.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "681BFE5C-6F33-4084-8F0D-2DD573782004",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:17.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A29CF53D-7DDC-4B60-8232-6C173083101F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:18:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBA091EC-B5A9-468D-B99C-BB6F333E7B64",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
              "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCAA4004-9319-478C-9D55-0E8307F872F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF971916-C526-43A9-BD80-985BCC476569",
              "versionEndIncluding": "11.70.1",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
              "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A372B177-F740-4655-865C-31777A6E140B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "95BA156C-C977-4F0C-8DFB-3FAE9CC8C02D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:azul:zulu:7.52:*:*:*:*:*:*:*",
              "matchCriteriaId": "5522AD81-A23E-47D3-82E4-6D71ECEB1DBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:azul:zulu:8.60:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AC61C25-871B-4F6F-A5F0-77359F373681",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:azul:zulu:11.54:*:*:*:*:*:*:*",
              "matchCriteriaId": "12A59E25-5ED3-4A6D-95F6-45750866E0D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:azul:zulu:13.46:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC0DC492-706E-42FE-8757-71873B53C417",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:azul:zulu:15.38:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1441FE9-45C5-46C4-BF78-FD5D30F9C80C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:azul:zulu:17.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "28D25E37-5479-4876-B46C-28FF87384852",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C0D3169-24B4-4733-BD40-59D0BB5DAC13",
              "versionEndIncluding": "11.0.14",
              "versionStartIncluding": "11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1D003C0-042E-4126-AEDA-F85863FEAB45",
              "versionEndIncluding": "13.0.10",
              "versionStartIncluding": "13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC2C87EC-6234-482F-B597-962E3C52D01B",
              "versionEndIncluding": "15.0.6",
              "versionStartIncluding": "15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "38F4BE82-B2A6-4E48-B1E0-100ACF94B9CD",
              "versionEndIncluding": "17.0.2",
              "versionStartIncluding": "17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:*",
              "matchCriteriaId": "E78B7C5A-FA51-41E4-AAB0-C6DED2EFCF4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update1:*:*:*:*:*:*",
              "matchCriteriaId": "02011EDC-20A7-4A16-A592-7C76E0037997",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update10:*:*:*:*:*:*",
              "matchCriteriaId": "AC6D4652-1226-4C60-BEDF-01EBF8AC0849",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update101:*:*:*:*:*:*",
              "matchCriteriaId": "3C1F9ED7-7D93-41F4-9130-15BA734420AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update11:*:*:*:*:*:*",
              "matchCriteriaId": "1CF9CDF1-95D3-4125-A73F-396D2280FC4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update111:*:*:*:*:*:*",
              "matchCriteriaId": "A13266DC-F8D9-4F30-987F-65BBEAF8D3A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update121:*:*:*:*:*:*",
              "matchCriteriaId": "C28388AB-CFC9-4749-A90F-383F5B905EA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update13:*:*:*:*:*:*",
              "matchCriteriaId": "DA1B00F9-A81C-48B7-8DAA-F394DDF323F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update131:*:*:*:*:*:*",
              "matchCriteriaId": "CA7AD457-6CE6-4925-8D94-A907B40233D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update141:*:*:*:*:*:*",
              "matchCriteriaId": "A6F3FDD1-7CAC-4B84-ABB7-64E9D3FBD708",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update15:*:*:*:*:*:*",
              "matchCriteriaId": "5480E5AD-DB46-474A-9B57-84ED088A75FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update151:*:*:*:*:*:*",
              "matchCriteriaId": "881A4AE9-6012-4E91-98BE-0A352CC20703",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update161:*:*:*:*:*:*",
              "matchCriteriaId": "7E1E1079-57D9-473B-A017-964F4745F329",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update17:*:*:*:*:*:*",
              "matchCriteriaId": "B8D6446E-2915-4F12-87BE-E7420BC2626E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update171:*:*:*:*:*:*",
              "matchCriteriaId": "564EDCE3-16E6-401D-8A43-032D1F8875E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update181:*:*:*:*:*:*",
              "matchCriteriaId": "08278802-D31B-488A-BA6A-EBC816DF883A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update191:*:*:*:*:*:*",
              "matchCriteriaId": "72BDA05A-C8BD-472E-8465-EE1F3E5D8CF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update2:*:*:*:*:*:*",
              "matchCriteriaId": "7BBB0969-565E-43E2-B067-A10AAA5F1958",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update201:*:*:*:*:*:*",
              "matchCriteriaId": "D78BE95D-6270-469A-8035-FCDDB398F952",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update21:*:*:*:*:*:*",
              "matchCriteriaId": "88C24F40-3150-4584-93D9-8307DE04EEE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update211:*:*:*:*:*:*",
              "matchCriteriaId": "E0FC5A03-FF11-4787-BBF1-3ACF93A21F2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update221:*:*:*:*:*:*",
              "matchCriteriaId": "19626B36-62FC-4497-A2E1-7D6CD9839B19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update231:*:*:*:*:*:*",
              "matchCriteriaId": "5713AEBD-35F6-44E8-A0CC-A42830D7AE20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update241:*:*:*:*:*:*",
              "matchCriteriaId": "8BE0C04B-440E-4B35-ACC8-6264514F764C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update25:*:*:*:*:*:*",
              "matchCriteriaId": "555EC2A6-0475-48ED-AE0C-B306714A9333",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update251:*:*:*:*:*:*",
              "matchCriteriaId": "EC1CF2AD-3F7A-4EF3-BD41-117A21553A9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update261:*:*:*:*:*:*",
              "matchCriteriaId": "02C55E2E-AEDE-455C-B128-168C918B5D97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update271:*:*:*:*:*:*",
              "matchCriteriaId": "81831D37-6597-441B-87DE-38F7191BEA42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update281:*:*:*:*:*:*",
              "matchCriteriaId": "EEA1594D-0AB5-436D-9E60-C26EE2175753",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update291:*:*:*:*:*:*",
              "matchCriteriaId": "B868FA41-C71B-491C-880B-484740B30C72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update3:*:*:*:*:*:*",
              "matchCriteriaId": "C242D3BE-9114-4A9E-BB78-45754C7CC450",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update301:*:*:*:*:*:*",
              "matchCriteriaId": "95954182-9541-4181-9647-B17FA5A79F9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update311:*:*:*:*:*:*",
              "matchCriteriaId": "9F6F0137-F91F-4028-BED2-C29640D52C23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update321:*:*:*:*:*:*",
              "matchCriteriaId": "EAFB6B15-4AE6-47FC-8847-9DFADB7AE253",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update331:*:*:*:*:*:*",
              "matchCriteriaId": "A8971E08-2CA2-46F4-8C26-12D2AFAC3B04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update4:*:*:*:*:*:*",
              "matchCriteriaId": "D61068FE-18EE-4ADB-BC69-A3ECE8724575",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update40:*:*:*:*:*:*",
              "matchCriteriaId": "EFB59E80-4EC4-4399-BF40-6733E4E475A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update45:*:*:*:*:*:*",
              "matchCriteriaId": "84E31265-22E1-4E91-BFCB-D2AFF445926A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update5:*:*:*:*:*:*",
              "matchCriteriaId": "AB3A58C3-94BB-4120-BE1D-AAF8BBF7F22B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update51:*:*:*:*:*:*",
              "matchCriteriaId": "50319E52-8739-47C5-B61E-3CA9B6A9A48F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update55:*:*:*:*:*:*",
              "matchCriteriaId": "7ED515B9-DC74-4DC5-B98A-08D87D85E11E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update6:*:*:*:*:*:*",
              "matchCriteriaId": "6D1D4868-1F9F-43F7-968C-6469B67D3F1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update60:*:*:*:*:*:*",
              "matchCriteriaId": "568F1AC4-B0D7-4438-82E5-0E61500F2240",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update65:*:*:*:*:*:*",
              "matchCriteriaId": "F5E99B4A-EDAD-4471-81C4-7E9C775C9D9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update67:*:*:*:*:*:*",
              "matchCriteriaId": "14E9133E-9FF3-40DB-9A11-7469EF5FD265",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update7:*:*:*:*:*:*",
              "matchCriteriaId": "94834710-3FA9-49D9-8600-B514CBCA4270",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update72:*:*:*:*:*:*",
              "matchCriteriaId": "4228D9E1-7D82-4B49-9669-9CDAD7187432",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update76:*:*:*:*:*:*",
              "matchCriteriaId": "F6231F48-2936-4F7D-96D5-4BA11F78EBE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update80:*:*:*:*:*:*",
              "matchCriteriaId": "D96D5061-4A81-497E-9AD6-A8381B3B454C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update85:*:*:*:*:*:*",
              "matchCriteriaId": "5345C21E-A01B-43B9-9A20-F2783D921C60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update9:*:*:*:*:*:*",
              "matchCriteriaId": "B219F360-83BD-4111-AB59-C9D4F55AF4C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update91:*:*:*:*:*:*",
              "matchCriteriaId": "D25377EA-8E8F-4C76-8EA9-3BBDFB352815",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update95:*:*:*:*:*:*",
              "matchCriteriaId": "59FEFE05-269A-4EAF-A80F-E4C2107B1197",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update97:*:*:*:*:*:*",
              "matchCriteriaId": "E7E2AA7C-F602-4DB7-9EC1-0708C46C253C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update99:*:*:*:*:*:*",
              "matchCriteriaId": "FB70E154-A304-429E-80F5-8D87B00E32D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*",
              "matchCriteriaId": "70892D06-6E75-4425-BBF0-4B684EC62A1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone1:*:*:*:*:*:*",
              "matchCriteriaId": "7A165D71-71CC-4E6A-AA4F-FF8DB5B9A5AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone2:*:*:*:*:*:*",
              "matchCriteriaId": "7417B2BB-9AC2-4AF4-A828-C89A0735AD92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone3:*:*:*:*:*:*",
              "matchCriteriaId": "6A0A57B5-6F88-4288-9CDE-F6613FE068D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone4:*:*:*:*:*:*",
              "matchCriteriaId": "67ED8559-C348-4932-B7CE-CB96976A30EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone5:*:*:*:*:*:*",
              "matchCriteriaId": "40AC3D91-263F-4345-9FAA-0E573EA64590",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone6:*:*:*:*:*:*",
              "matchCriteriaId": "DD92AFA9-81F8-48D4-B79A-E7F066F69A99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone7:*:*:*:*:*:*",
              "matchCriteriaId": "2C4B2F24-A730-4818-90C8-A2D90C081F03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone8:*:*:*:*:*:*",
              "matchCriteriaId": "464087F2-C285-4574-957E-CE0663F07DE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone9:*:*:*:*:*:*",
              "matchCriteriaId": "3E9BB880-A4F6-4887-8BB9-47AA298753D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:*",
              "matchCriteriaId": "18DCFF53-B298-4534-AB5C-8A5EF59C616F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*",
              "matchCriteriaId": "083419F8-FDDF-4E36-88F8-857DB317C1D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:*",
              "matchCriteriaId": "D7A74F65-57E8-4C9A-BA96-5EF401504F13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:*",
              "matchCriteriaId": "0D0B90FC-57B6-4315-9B29-3C36E58B2CF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*",
              "matchCriteriaId": "07812576-3C35-404C-A7D7-9BE9E3D76E00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:*",
              "matchCriteriaId": "00C52B1C-5447-4282-9667-9EBE0720B423",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:*",
              "matchCriteriaId": "92BB9EB0-0C12-4E77-89EE-FB77097841B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*",
              "matchCriteriaId": "FF9D5DCE-2E8F-42B9-9038-AEA7E8C8CFFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*",
              "matchCriteriaId": "ABC0E7BB-F8B7-4369-9910-71240E4073A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*",
              "matchCriteriaId": "551B2640-8CEC-4C24-AF8B-7A7CEF864D9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*",
              "matchCriteriaId": "0AE30779-48FB-451E-8CE1-F469F93B8772",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*",
              "matchCriteriaId": "60590FDE-7156-4314-A012-AA38BD2ADDC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*",
              "matchCriteriaId": "BE51AD3A-8331-4E8F-9DB1-7A0051731DFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*",
              "matchCriteriaId": "F24F6122-2256-41B6-9033-794C6424ED99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*",
              "matchCriteriaId": "0EAFA79E-8C7A-48CF-8868-11378FE4B26F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*",
              "matchCriteriaId": "D1D6F19F-59B5-4BB6-AD35-013384025970",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*",
              "matchCriteriaId": "E7BA97BC-3ADA-465A-835B-6C3C5F416B56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*",
              "matchCriteriaId": "B71F77A4-B7EB-47A1-AAFD-431A7D040B86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*",
              "matchCriteriaId": "91D6BEA9-5943-44A4-946D-CEAA9BA99376",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*",
              "matchCriteriaId": "C079A3E0-44EB-4B9C-B4FC-B7621D165C3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*",
              "matchCriteriaId": "2CB74086-14B8-4237-8357-E0C6B5BB8313",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*",
              "matchCriteriaId": "3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*",
              "matchCriteriaId": "00C2B9C9-1177-4DA6-96CE-55F37F383F99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update222:*:*:*:*:*:*",
              "matchCriteriaId": "435CF189-0BD8-40DF-A0DC-99862CDEAF8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*",
              "matchCriteriaId": "12A3F367-33AD-47C3-BFDC-871A17E72C94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update232:*:*:*:*:*:*",
              "matchCriteriaId": "A18F994F-72CA-4AF5-A7D1-9F5AEA286D85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*",
              "matchCriteriaId": "78261932-7373-4F16-91E0-1A72ADBEBC3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update242:*:*:*:*:*:*",
              "matchCriteriaId": "9BD90D3D-9B3A-4101-9A8A-5090F0A9719F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:*",
              "matchCriteriaId": "B38C0276-0EBD-4E0B-BFCF-4DDECACE04E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update252:*:*:*:*:*:*",
              "matchCriteriaId": "F5A40B8A-D428-4008-9F21-AF21394C51D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update262:*:*:*:*:*:*",
              "matchCriteriaId": "FEC5B777-01E1-45EE-AF95-C3BD1F098B2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update271:*:*:*:*:*:*",
              "matchCriteriaId": "3B504718-5DCE-43B4-B19A-C6B6E7444BD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update281:*:*:*:*:*:*",
              "matchCriteriaId": "3102AA10-99A8-49A9-867E-7EEC56865680",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update282:*:*:*:*:*:*",
              "matchCriteriaId": "5A55CBC7-A7B2-4B89-8AB5-ED30DBE6814E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update291:*:*:*:*:*:*",
              "matchCriteriaId": "15BA8A26-2CDA-442B-A549-6BE92DCCD205",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update301:*:*:*:*:*:*",
              "matchCriteriaId": "56F2883B-6A1B-4081-8877-07AF3A73F6CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update302:*:*:*:*:*:*",
              "matchCriteriaId": "98C0742E-ACDD-4DB4-8A4C-B96702C8976C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update31:*:*:*:*:*:*",
              "matchCriteriaId": "F8483034-DD5A-445D-892F-CDE90A7D58EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update312:*:*:*:*:*:*",
              "matchCriteriaId": "1716A5CD-1C32-4F19-9DDE-F9C7CCB6B420",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update322:*:*:*:*:*:*",
              "matchCriteriaId": "DAB4F663-BCAF-43DB-BCC3-24C060B0CBAB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*",
              "matchCriteriaId": "8279718F-878F-4868-8859-1728D13CD0D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update45:*:*:*:*:*:*",
              "matchCriteriaId": "2C024E1A-FD2C-42E8-B227-C2AFD3040436",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update5:*:*:*:*:*:*",
              "matchCriteriaId": "4F24389D-DDD0-4204-AA24-31C920A4F47E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update51:*:*:*:*:*:*",
              "matchCriteriaId": "966979BE-1F21-4729-B6B8-610F74648344",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*",
              "matchCriteriaId": "F8534265-33BF-460D-BF74-5F55FDE50F29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update65:*:*:*:*:*:*",
              "matchCriteriaId": "F77AFC25-1466-4E56-9D5F-6988F3288E16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*",
              "matchCriteriaId": "A650BEB8-E56F-4E42-9361-8D2DB083F0F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update71:*:*:*:*:*:*",
              "matchCriteriaId": "799FFECD-E80A-44B3-953D-CDB5E195F3AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*",
              "matchCriteriaId": "A7047507-7CAF-4A14-AA9A-5CEF806EDE98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update73:*:*:*:*:*:*",
              "matchCriteriaId": "CFC7B179-95D3-4F94-84F6-73F1034A1AF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update74:*:*:*:*:*:*",
              "matchCriteriaId": "9FB28526-9385-44CA-AF08-1899E6C3AE4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update77:*:*:*:*:*:*",
              "matchCriteriaId": "E26B69E4-0B43-415F-A82B-52FDCB262B3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update91:*:*:*:*:*:*",
              "matchCriteriaId": "27BC4150-70EC-462B-8FC5-20B3442CBB31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*",
              "matchCriteriaId": "02646989-ECD9-40AE-A83E-EFF4080C69B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:18:*:*:*:*:*:*:*",
              "matchCriteriaId": "56CBFC1F-C120-44F2-877A-C1C880AA89C4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: Libraries). Las versiones afectadas son Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 y 22.0.0.2. Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante no autenticado con acceso a la red por medio de m\u00faltiples protocolos comprometer Oracle Java SE, Oracle GraalVM Enterprise Edition. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en un acceso no autorizado a datos cr\u00edticos o el acceso completo a todos los datos accesibles de Oracle Java SE, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad es aplicada a las implantaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start con sandbox o applets Java con sandbox, que cargan y ejecutan c\u00f3digo que no es confiable (por ejemplo, c\u00f3digo que viene de Internet) y dependen del sandbox de Java para la seguridad. Esta vulnerabilidad tambi\u00e9n puede ser explotada mediante el uso de APIs en el componente especificado, por ejemplo, mediante un servicio web que suministra datos a las APIs. CVSS 3.1, Puntuaci\u00f3n Base 7.5 (impactos en la Confidencialidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)"
    }
  ],
  "id": "CVE-2022-21476",
  "lastModified": "2024-11-21T06:44:47.470",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "secalert_us@oracle.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2022-04-19T21:15:17.503",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20220429-0006/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5128"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5131"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20220429-0006/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5128"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5131"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-10-19 17:29
Modified
2024-11-21 03:05
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
secalert_us@oracle.comhttp://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlPatch, Vendor Advisory
secalert_us@oracle.comhttp://www.securityfocus.com/bid/101378Broken Link
secalert_us@oracle.comhttp://www.securitytracker.com/id/1039596Broken Link
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:2998Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:2999Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3046Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3047Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3264Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3267Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3268Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3392Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3453Third Party Advisory
secalert_us@oracle.comhttps://lists.debian.org/debian-lts-announce/2017/11/msg00033.htmlMailing List, Third Party Advisory
secalert_us@oracle.comhttps://security.gentoo.org/glsa/201710-31Third Party Advisory
secalert_us@oracle.comhttps://security.gentoo.org/glsa/201711-14Third Party Advisory
secalert_us@oracle.comhttps://security.netapp.com/advisory/ntap-20171019-0001/Third Party Advisory
secalert_us@oracle.comhttps://www.debian.org/security/2017/dsa-4015Third Party Advisory
secalert_us@oracle.comhttps://www.debian.org/security/2017/dsa-4048Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/101378Broken Link
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1039596Broken Link
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2998Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2999Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3046Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3047Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3264Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3267Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3268Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3392Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3453Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2017/11/msg00033.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201710-31Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201711-14Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20171019-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2017/dsa-4015Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2017/dsa-4048Third Party Advisory
Impacted products
Vendor Product Version
oracle jdk 1.6.0
oracle jdk 1.7.0
oracle jdk 1.8.0
oracle jdk 1.9.0
oracle jre 1.6.0
oracle jre 1.7.0
oracle jre 1.8.0
oracle jre 1.9.0
oracle jrockit r28.3.15
debian debian_linux 7.0
debian debian_linux 8.0
debian debian_linux 9.0
redhat satellite 5.8
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_eus 7.4
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_server_tus 7.4
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_workstation 7.0
netapp active_iq_unified_manager *
netapp active_iq_unified_manager *
netapp cloud_backup -
netapp e-series_santricity_management_plug-ins -
netapp e-series_santricity_os_controller *
netapp e-series_santricity_storage_manager -
netapp e-series_santricity_web_services -
netapp element_software -
netapp oncommand_balance -
netapp oncommand_insight -
netapp oncommand_performance_manager -
netapp oncommand_shift -
netapp oncommand_unified_manager *
netapp oncommand_unified_manager *
netapp oncommand_unified_manager -
netapp oncommand_workflow_automation -
netapp plug-in_for_symantec_netbackup -
netapp snapmanager -
netapp snapmanager -
netapp steelstore_cloud_integrated_storage -
netapp storage_replication_adapter_for_clustered_data_ontap *
netapp storage_replication_adapter_for_clustered_data_ontap *
netapp vasa_provider_for_clustered_data_ontap *
netapp vasa_provider_for_clustered_data_ontap 6.0
netapp virtual_storage_console *
netapp virtual_storage_console 6.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update161:*:*:*:*:*:*",
              "matchCriteriaId": "7037AEF9-403D-43EC-ABBB-B46619241586",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update151:*:*:*:*:*:*",
              "matchCriteriaId": "B781F1F7-DE18-41F7-83C1-8690B0884DDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update144:*:*:*:*:*:*",
              "matchCriteriaId": "6D36F2A6-1329-4D74-BADC-C22D46CF7CFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "270968EC-7662-41E1-BA9B-D259BEC53A1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update161:*:*:*:*:*:*",
              "matchCriteriaId": "D53D6C3C-C8F3-4FF4-AE9C-1BFF14E74EDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update151:*:*:*:*:*:*",
              "matchCriteriaId": "71219100-B476-4062-A40A-13F1B8C7DAED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update144:*:*:*:*:*:*",
              "matchCriteriaId": "FCC055BA-0D21-4D2B-AC9B-B81B8468860C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "66910F84-DDFD-4BA8-BE7F-44EB5E3F9C3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jrockit:r28.3.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "66CB92D2-A529-4912-9D59-40EAC3F5D674",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4F86C3C-B99C-44C6-97D7-163DC3F59687",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5F7E11E-FB34-4467-8919-2B6BEAABF665",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62",
              "versionStartIncluding": "7.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB",
              "versionStartIncluding": "9.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_management_plug-ins:-:*:*:*:*:vmware_vcenter:*:*",
              "matchCriteriaId": "280520BC-070C-4423-A633-E6FE45E53D57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "73F81EC3-4AB0-4CD7-B845-267C5974DE98",
              "versionEndIncluding": "11.70.1",
              "versionStartIncluding": "11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
              "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "698C6261-679D-45C1-A396-57AC96AD64D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BD81527-A341-42C3-9AB9-880D3DB04B08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*",
              "matchCriteriaId": "E32A4C2E-3DA6-4BE5-9D95-9F800B01ED9A",
              "versionEndIncluding": "7.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "1A79A7B7-2CE9-4F5E-B76D-01A882C66226",
              "versionEndIncluding": "7.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*",
              "matchCriteriaId": "3FA5E22C-489B-4C5F-A5F3-C03F45CA8811",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*",
              "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
              "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "6BF60DAD-DAA2-4543-B82E-8E17F7B1DA06",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "1E35D95E-CCBF-4335-A4DB-02218BA172DE",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "13270F58-E106-48CE-9933-E68AABBBFC21",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "923F6B82-6A8B-4994-89F6-C430775D5234",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "B7B42CB6-3C14-4183-AFA8-C3682F8B54AB",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "2AA40F7F-504D-47A9-9778-EC4CE46EB8BF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en los componentes Java SE, Java SE Embedded y JRockit de Oracle Java SE (subcomponente: Serialization). Las versiones compatibles que se han visto afectadas son Java SE: 6u161, 7u151, 8u144 y 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante sin autenticar que tenga acceso a red por medio de m\u00faltiples protocolos comprometa la seguridad de Java SE, Java SE Embedded y JRockit. Los ataques exitosos a esta vulnerabilidad pueden dar lugar a que el atacante consiga provocar una denegaci\u00f3n de servicio parcial (DoS parcial) de Java SE, Java SE Embedded y JRockit. Nota: Esta vulnerabilidad puede ser explotada mediante aplicaciones Java Web Start en sandbox y applets Java en sandbox. Tambi\u00e9n puede ser explotada proporcionando datos a las API en los componentes especificados sin emplear aplicaciones Java Web Start o applets Java en sandbox, como a trav\u00e9s de un servicio web. CVSS 3.0 Base Score 5.3 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
    }
  ],
  "id": "CVE-2017-10281",
  "lastModified": "2024-11-21T03:05:49.407",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-10-19T17:29:02.107",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/bid/101378"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securitytracker.com/id/1039596"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2998"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2999"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3046"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3047"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3264"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3267"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3268"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3392"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3453"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201710-31"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201711-14"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20171019-0001/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2017/dsa-4015"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2017/dsa-4048"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/bid/101378"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securitytracker.com/id/1039596"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2998"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2999"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3046"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3047"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3264"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3267"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3268"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3392"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3453"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201710-31"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201711-14"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20171019-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2017/dsa-4015"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2017/dsa-4048"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-10-19 17:29
Modified
2024-11-21 03:06
Summary
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: Applies to the Java SE Kerberos client. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).
References
secalert_us@oracle.comhttp://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlPatch, Vendor Advisory
secalert_us@oracle.comhttp://www.securityfocus.com/bid/101321Broken Link
secalert_us@oracle.comhttp://www.securitytracker.com/id/1039596Broken Link
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:2998Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:2999Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3046Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3047Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3264Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3267Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3268Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3392Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3453Third Party Advisory
secalert_us@oracle.comhttps://lists.debian.org/debian-lts-announce/2017/11/msg00033.htmlMailing List, Third Party Advisory
secalert_us@oracle.comhttps://security.gentoo.org/glsa/201710-31Third Party Advisory
secalert_us@oracle.comhttps://security.gentoo.org/glsa/201711-14Third Party Advisory
secalert_us@oracle.comhttps://security.netapp.com/advisory/ntap-20171019-0001/Third Party Advisory
secalert_us@oracle.comhttps://www.debian.org/security/2017/dsa-4015Third Party Advisory
secalert_us@oracle.comhttps://www.debian.org/security/2017/dsa-4048Third Party Advisory
secalert_us@oracle.comhttps://www.synology.com/support/security/Synology_SA_17_66_OpenJDKThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/101321Broken Link
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1039596Broken Link
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2998Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2999Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3046Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3047Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3264Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3267Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3268Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3392Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3453Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2017/11/msg00033.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201710-31Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201711-14Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20171019-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2017/dsa-4015Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2017/dsa-4048Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.synology.com/support/security/Synology_SA_17_66_OpenJDKThird Party Advisory
Impacted products
Vendor Product Version
oracle jdk 1.6.0
oracle jdk 1.7.0
oracle jdk 1.8.0
oracle jdk 1.9.0
oracle jre 1.6.0
oracle jre 1.7.0
oracle jre 1.8.0
oracle jre 1.9.0
redhat satellite 5.8
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_eus 7.4
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_server_tus 7.4
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_workstation 7.0
netapp active_iq_unified_manager *
netapp active_iq_unified_manager *
netapp cloud_backup -
netapp e-series_santricity_management_plug-ins -
netapp e-series_santricity_os_controller *
netapp e-series_santricity_storage_manager -
netapp e-series_santricity_web_services -
netapp element_software -
netapp oncommand_balance -
netapp oncommand_insight -
netapp oncommand_performance_manager -
netapp oncommand_shift -
netapp oncommand_unified_manager *
netapp oncommand_unified_manager *
netapp oncommand_unified_manager -
netapp oncommand_workflow_automation -
netapp plug-in_for_symantec_netbackup -
netapp snapmanager -
netapp snapmanager -
netapp steelstore_cloud_integrated_storage -
netapp storage_replication_adapter_for_clustered_data_ontap *
netapp storage_replication_adapter_for_clustered_data_ontap *
netapp vasa_provider_for_clustered_data_ontap *
netapp vasa_provider_for_clustered_data_ontap 6.0
netapp virtual_storage_console *
netapp virtual_storage_console 6.0
debian debian_linux 7.0
debian debian_linux 8.0
debian debian_linux 9.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update161:*:*:*:*:*:*",
              "matchCriteriaId": "7037AEF9-403D-43EC-ABBB-B46619241586",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update151:*:*:*:*:*:*",
              "matchCriteriaId": "B781F1F7-DE18-41F7-83C1-8690B0884DDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update144:*:*:*:*:*:*",
              "matchCriteriaId": "6D36F2A6-1329-4D74-BADC-C22D46CF7CFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "270968EC-7662-41E1-BA9B-D259BEC53A1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update161:*:*:*:*:*:*",
              "matchCriteriaId": "D53D6C3C-C8F3-4FF4-AE9C-1BFF14E74EDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update151:*:*:*:*:*:*",
              "matchCriteriaId": "71219100-B476-4062-A40A-13F1B8C7DAED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update144:*:*:*:*:*:*",
              "matchCriteriaId": "FCC055BA-0D21-4D2B-AC9B-B81B8468860C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "66910F84-DDFD-4BA8-BE7F-44EB5E3F9C3D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4F86C3C-B99C-44C6-97D7-163DC3F59687",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5F7E11E-FB34-4467-8919-2B6BEAABF665",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62",
              "versionStartIncluding": "7.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB",
              "versionStartIncluding": "9.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_management_plug-ins:-:*:*:*:*:vmware_vcenter:*:*",
              "matchCriteriaId": "280520BC-070C-4423-A633-E6FE45E53D57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "73F81EC3-4AB0-4CD7-B845-267C5974DE98",
              "versionEndIncluding": "11.70.1",
              "versionStartIncluding": "11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
              "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "698C6261-679D-45C1-A396-57AC96AD64D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BD81527-A341-42C3-9AB9-880D3DB04B08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*",
              "matchCriteriaId": "E32A4C2E-3DA6-4BE5-9D95-9F800B01ED9A",
              "versionEndIncluding": "7.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "1A79A7B7-2CE9-4F5E-B76D-01A882C66226",
              "versionEndIncluding": "7.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*",
              "matchCriteriaId": "3FA5E22C-489B-4C5F-A5F3-C03F45CA8811",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*",
              "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
              "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "6BF60DAD-DAA2-4543-B82E-8E17F7B1DA06",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "1E35D95E-CCBF-4335-A4DB-02218BA172DE",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "13270F58-E106-48CE-9933-E68AABBBFC21",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "923F6B82-6A8B-4994-89F6-C430775D5234",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "B7B42CB6-3C14-4183-AFA8-C3682F8B54AB",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "2AA40F7F-504D-47A9-9778-EC4CE46EB8BF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: Applies to the Java SE Kerberos client. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en los componentes Java SE y Java SE Embedded de Oracle Java SE (subcomponente: Libraries). Las versiones compatibles que se han visto afectadas son Java SE: 6u161, 7u151, 8u144 y 9; Java SE Embedded: 8u144. Una vulnerabilidad dif\u00edcilmente explotable permite que un atacante sin autenticar que tenga acceso a red por Kerberos comprometa la seguridad de Java SE y Java SE Embedded. Para que los ataques tengan \u00e9xito, se necesita la participaci\u00f3n de otra persona diferente del atacante. Los ataques exitosos a esta vulnerabilidad pueden resultar en la toma de control de Java SE y Java SE Embedded. Nota: Esto afecta al cliente de Kerberos de Java SE. CVSS 3.0 Base Score 7.5 (impactos en la confidencialidad, integridad y disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)."
    }
  ],
  "id": "CVE-2017-10388",
  "lastModified": "2024-11-21T03:06:04.590",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-10-19T17:29:05.403",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/bid/101321"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securitytracker.com/id/1039596"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2998"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2999"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3046"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3047"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3264"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3267"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3268"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3392"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3453"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201710-31"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201711-14"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20171019-0001/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2017/dsa-4015"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2017/dsa-4048"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.synology.com/support/security/Synology_SA_17_66_OpenJDK"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/bid/101321"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securitytracker.com/id/1039596"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2998"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2999"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3046"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3047"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3264"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3267"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3268"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3392"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3453"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201710-31"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201711-14"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20171019-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2017/dsa-4015"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2017/dsa-4048"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.synology.com/support/security/Synology_SA_17_66_OpenJDK"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-07-07 13:15
Modified
2024-11-21 07:05
Summary
A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl < 7.84.0 stores all of them. A sufficiently large amount of (big) cookies make subsequent HTTP requests to this, or other servers to which the cookies match, create requests that become larger than the threshold that curl uses internally to avoid sending crazy large requests (1048576 bytes) and instead returns an error.This denial state might remain for as long as the same cookies are kept, match and haven't expired. Due to cookie matching rules, a server on `foo.example.com` can set cookies that also would match for `bar.example.com`, making it it possible for a "sister server" to effectively cause a denial of service for a sibling site on the same second level domain using this method.
References
support@hackerone.comhttp://seclists.org/fulldisclosure/2022/Oct/28Mailing List, Third Party Advisory
support@hackerone.comhttp://seclists.org/fulldisclosure/2022/Oct/41Mailing List, Third Party Advisory
support@hackerone.comhttps://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdfPatch, Third Party Advisory
support@hackerone.comhttps://hackerone.com/reports/1569946Exploit, Third Party Advisory
support@hackerone.comhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/Mailing List, Third Party Advisory
support@hackerone.comhttps://security.gentoo.org/glsa/202212-01Third Party Advisory
support@hackerone.comhttps://security.netapp.com/advisory/ntap-20220915-0003/Third Party Advisory
support@hackerone.comhttps://support.apple.com/kb/HT213488Third Party Advisory
support@hackerone.comhttps://www.debian.org/security/2022/dsa-5197Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2022/Oct/28Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2022/Oct/41Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdfPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://hackerone.com/reports/1569946Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/202212-01Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20220915-0003/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.apple.com/kb/HT213488Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2022/dsa-5197Third Party Advisory



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6E27893-D80C-4F7C-A87B-CEEA709A8E9F",
              "versionEndExcluding": "7.84.0",
              "versionStartIncluding": "7.71.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
              "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FE996B1-6951-4F85-AA58-B99A379D2163",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "71E032AD-F827-4944-9699-BB1E6D4233FC",
              "versionEndExcluding": "13.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:scalance_sc622-2c_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "21A75847-54F1-453A-82D7-B6D2CB2DE7AA",
              "versionEndExcluding": "3.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:scalance_sc622-2c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "50FEE5FA-B141-4E5F-8673-363089262530",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:scalance_sc626-2c_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECCD4A67-EA4B-47C7-83F8-5CCC18BC3C94",
              "versionEndExcluding": "3.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:scalance_sc626-2c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EAC3EE40-4398-4337-B40E-8AACDF225BBF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:scalance_sc632-2c_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E00E02E5-109C-44E7-8C20-BFEE7C739ADC",
              "versionEndExcluding": "3.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:scalance_sc632-2c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A79836B-5EC1-40AF-8A57-9657EF6758E5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:scalance_sc636-2c_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1BC85A6-386C-43E9-9266-50F8C53C7362",
              "versionEndExcluding": "3.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:scalance_sc636-2c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCB9BD17-7F1F-42E9-831F-EB907F9BC214",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:scalance_sc642-2c_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6ACE6C40-E0BB-4D65-A76E-BCCA262AF2FD",
              "versionEndExcluding": "3.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:scalance_sc642-2c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "10C7D54A-27B4-4195-8131-DD5380472A75",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:scalance_sc646-2c_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BFAB0B9-3C01-4066-B9CD-5A7C4A66AA3C",
              "versionEndExcluding": "3.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:scalance_sc646-2c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E54AF1E6-0E52-447C-8946-18716D30EBE2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5722E753-75DE-4944-A11B-556CB299B57D",
              "versionEndExcluding": "8.2.12",
              "versionStartIncluding": "8.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC0F9351-81A4-4FEA-B6B5-6E960A933D32",
              "versionEndExcluding": "9.0.6",
              "versionStartIncluding": "9.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EED24E67-2957-4C1B-8FEA-E2D2FE7B97FC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl \u003c 7.84.0 stores all of them. A sufficiently large amount of (big) cookies make subsequent HTTP requests to this, or other servers to which the cookies match, create requests that become larger than the threshold that curl uses internally to avoid sending crazy large requests (1048576 bytes) and instead returns an error.This denial state might remain for as long as the same cookies are kept, match and haven\u0027t expired. Due to cookie matching rules, a server on `foo.example.com` can set cookies that also would match for `bar.example.com`, making it it possible for a \"sister server\" to effectively cause a denial of service for a sibling site on the same second level domain using this method."
    },
    {
      "lang": "es",
      "value": "Un servidor malicioso puede servir cantidades excesivas de encabezados \"Set-Cookie:\" en una respuesta HTTP a curl y curl versiones anteriores a 7.84.0 las almacena todas. Una cantidad suficientemente grande de cookies (grandes) hace que las subsiguientes peticiones HTTP a este, o a otros servidores con los que coincidan las cookies, creen peticiones que superen el umbral que curl usa internamente para evitar el env\u00edo de peticiones locamente grandes (1048576 bytes) y en su lugar devuelva un error. Este estado de denegaci\u00f3n puede permanecer mientras sea mantenidas las mismas cookies, coincidan y no hayan expirado. Debido a las reglas de coincidencia de cookies, un servidor en \"foo.example.com\" puede establecer cookies que tambi\u00e9n coincidan para \"bar.example.com\", haciendo posible que un \"servidor hermano\" cause efectivamente una denegaci\u00f3n de servicio para un sitio hermano en el mismo dominio de segundo nivel usando este m\u00e9todo"
    }
  ],
  "id": "CVE-2022-32205",
  "lastModified": "2024-11-21T07:05:54.910",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-07-07T13:15:08.277",
  "references": [
    {
      "source": "support@hackerone.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2022/Oct/28"
    },
    {
      "source": "support@hackerone.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2022/Oct/41"
    },
    {
      "source": "support@hackerone.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf"
    },
    {
      "source": "support@hackerone.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://hackerone.com/reports/1569946"
    },
    {
      "source": "support@hackerone.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/"
    },
    {
      "source": "support@hackerone.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202212-01"
    },
    {
      "source": "support@hackerone.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20220915-0003/"
    },
    {
      "source": "support@hackerone.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.apple.com/kb/HT213488"
    },
    {
      "source": "support@hackerone.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5197"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2022/Oct/28"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2022/Oct/41"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://hackerone.com/reports/1569946"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202212-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20220915-0003/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.apple.com/kb/HT213488"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5197"
    }
  ],
  "sourceIdentifier": "support@hackerone.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-770"
        }
      ],
      "source": "support@hackerone.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-770"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-04-19 21:15
Modified
2024-11-21 06:44
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:graalvm:20.3.5:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "079F2588-2746-408B-9BB0-9A569289985B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:graalvm:21.3.1:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "51600424-E294-41E0-9C8B-12D0C3456027",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:graalvm:22.0.0.2:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "C3D12B98-032F-49A6-B237-E0CAD32D9A25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:java_se:7u331:*:*:*:*:*:*:*",
              "matchCriteriaId": "C15F860C-6B33-4950-B443-E2A7D4639573",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:java_se:8u321:*:*:*:*:*:*:*",
              "matchCriteriaId": "696E27A2-34A2-49A8-BEF4-61718D11DD2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:java_se:11.0.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A9F8A53-6CBE-45EF-A920-4D448B9CE31F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:java_se:17.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "00AC1B6D-9156-40A3-B606-845CCC33D724",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:java_se:18:*:*:*:*:*:*:*",
              "matchCriteriaId": "022EC03C-1574-4421-9AB7-0EEF0D089322",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
              "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCAA4004-9319-478C-9D55-0E8307F872F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF971916-C526-43A9-BD80-985BCC476569",
              "versionEndIncluding": "11.70.1",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
              "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A372B177-F740-4655-865C-31777A6E140B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "95BA156C-C977-4F0C-8DFB-3FAE9CC8C02D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:azul:zulu:6.45:*:*:*:*:*:*:*",
              "matchCriteriaId": "850B5359-7804-406B-9DC9-D22D65ACEE40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:azul:zulu:7.52:*:*:*:*:*:*:*",
              "matchCriteriaId": "5522AD81-A23E-47D3-82E4-6D71ECEB1DBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:azul:zulu:8.60:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AC61C25-871B-4F6F-A5F0-77359F373681",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:azul:zulu:11.54:*:*:*:*:*:*:*",
              "matchCriteriaId": "12A59E25-5ED3-4A6D-95F6-45750866E0D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:azul:zulu:13.46:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC0DC492-706E-42FE-8757-71873B53C417",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:azul:zulu:15.38:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1441FE9-45C5-46C4-BF78-FD5D30F9C80C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:azul:zulu:17.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "28D25E37-5479-4876-B46C-28FF87384852",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:azul:zulu:18.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AD8BF00-C510-4E63-8949-CB64E9043610",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: JNDI). Las versiones afectadas son Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 y 22.0.0.2. Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante no autenticado con acceso a la red por medio de m\u00faltiples protocolos comprometer Oracle Java SE, Oracle GraalVM Enterprise Edition. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en una actualizaci\u00f3n no autorizada, insertar o eliminar el acceso a algunos de los datos accesibles de Oracle Java SE, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad es aplicada a las implantaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start o applets Java con sandbox, que cargan y ejecutan c\u00f3digo no confiable (por ejemplo, c\u00f3digo procedente de Internet) y que dependen del sandbox de Java para su seguridad. Esta vulnerabilidad tambi\u00e9n puede ser explotada mediante el uso de APIs en el componente especificado, por ejemplo, mediante un servicio web que suministra datos a las APIs. CVSS 3.1, Puntuaci\u00f3n Base 5.3 (impactos en la Integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)"
    }
  ],
  "id": "CVE-2022-21496",
  "lastModified": "2024-11-21T06:44:50.123",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "secalert_us@oracle.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-04-19T21:15:18.497",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20220429-0006/"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5128"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5131"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20220429-0006/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5128"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5131"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-10-19 17:29
Modified
2024-11-21 03:05
Summary
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Smart Card IO). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data as well as unauthorized access to critical data or complete access to all Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N).
References
secalert_us@oracle.comhttp://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlPatch, Vendor Advisory
secalert_us@oracle.comhttp://www.securityfocus.com/bid/101333Broken Link
secalert_us@oracle.comhttp://www.securitytracker.com/id/1039596Broken Link
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:2998Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:2999Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3046Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3047Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3392Third Party Advisory
secalert_us@oracle.comhttps://lists.debian.org/debian-lts-announce/2017/11/msg00033.htmlMailing List, Third Party Advisory
secalert_us@oracle.comhttps://security.gentoo.org/glsa/201710-31Third Party Advisory
secalert_us@oracle.comhttps://security.gentoo.org/glsa/201711-14Third Party Advisory
secalert_us@oracle.comhttps://security.netapp.com/advisory/ntap-20171019-0001/Third Party Advisory
secalert_us@oracle.comhttps://www.debian.org/security/2017/dsa-4015Third Party Advisory
secalert_us@oracle.comhttps://www.debian.org/security/2017/dsa-4048Third Party Advisory
secalert_us@oracle.comhttps://www.synology.com/support/security/Synology_SA_17_66_OpenJDKThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/101333Broken Link
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1039596Broken Link
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2998Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2999Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3046Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3047Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3392Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2017/11/msg00033.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201710-31Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201711-14Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20171019-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2017/dsa-4015Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2017/dsa-4048Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.synology.com/support/security/Synology_SA_17_66_OpenJDKThird Party Advisory
Impacted products
Vendor Product Version
oracle jdk 1.6.0
oracle jdk 1.7.0
oracle jdk 1.8.0
oracle jdk 1.9.0
oracle jre 1.6.0
oracle jre 1.7.0
oracle jre 1.8.0
oracle jre 1.9.0
debian debian_linux 7.0
debian debian_linux 8.0
debian debian_linux 9.0
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_eus 7.4
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_server_tus 7.4
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_workstation 7.0
netapp active_iq_unified_manager *
netapp active_iq_unified_manager *
netapp cloud_backup -
netapp e-series_santricity_management_plug-ins -
netapp e-series_santricity_os_controller *
netapp e-series_santricity_storage_manager -
netapp e-series_santricity_web_services -
netapp element_software -
netapp oncommand_balance -
netapp oncommand_insight -
netapp oncommand_performance_manager -
netapp oncommand_shift -
netapp oncommand_unified_manager *
netapp oncommand_unified_manager *
netapp oncommand_unified_manager -
netapp oncommand_workflow_automation -
netapp plug-in_for_symantec_netbackup -
netapp snapmanager -
netapp snapmanager -
netapp steelstore_cloud_integrated_storage -
netapp storage_replication_adapter_for_clustered_data_ontap *
netapp storage_replication_adapter_for_clustered_data_ontap *
netapp vasa_provider_for_clustered_data_ontap *
netapp vasa_provider_for_clustered_data_ontap 6.0
netapp virtual_storage_console *
netapp virtual_storage_console 6.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update161:*:*:*:*:*:*",
              "matchCriteriaId": "7037AEF9-403D-43EC-ABBB-B46619241586",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update151:*:*:*:*:*:*",
              "matchCriteriaId": "B781F1F7-DE18-41F7-83C1-8690B0884DDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update144:*:*:*:*:*:*",
              "matchCriteriaId": "6D36F2A6-1329-4D74-BADC-C22D46CF7CFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "270968EC-7662-41E1-BA9B-D259BEC53A1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update161:*:*:*:*:*:*",
              "matchCriteriaId": "D53D6C3C-C8F3-4FF4-AE9C-1BFF14E74EDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update151:*:*:*:*:*:*",
              "matchCriteriaId": "71219100-B476-4062-A40A-13F1B8C7DAED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update144:*:*:*:*:*:*",
              "matchCriteriaId": "FCC055BA-0D21-4D2B-AC9B-B81B8468860C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "66910F84-DDFD-4BA8-BE7F-44EB5E3F9C3D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5F7E11E-FB34-4467-8919-2B6BEAABF665",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62",
              "versionStartIncluding": "7.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB",
              "versionStartIncluding": "9.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_management_plug-ins:-:*:*:*:*:vmware_vcenter:*:*",
              "matchCriteriaId": "280520BC-070C-4423-A633-E6FE45E53D57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "73F81EC3-4AB0-4CD7-B845-267C5974DE98",
              "versionEndIncluding": "11.70.1",
              "versionStartIncluding": "11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
              "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "698C6261-679D-45C1-A396-57AC96AD64D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BD81527-A341-42C3-9AB9-880D3DB04B08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*",
              "matchCriteriaId": "E32A4C2E-3DA6-4BE5-9D95-9F800B01ED9A",
              "versionEndIncluding": "7.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "1A79A7B7-2CE9-4F5E-B76D-01A882C66226",
              "versionEndIncluding": "7.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*",
              "matchCriteriaId": "3FA5E22C-489B-4C5F-A5F3-C03F45CA8811",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*",
              "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
              "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "6BF60DAD-DAA2-4543-B82E-8E17F7B1DA06",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "1E35D95E-CCBF-4335-A4DB-02218BA172DE",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "13270F58-E106-48CE-9933-E68AABBBFC21",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "923F6B82-6A8B-4994-89F6-C430775D5234",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "B7B42CB6-3C14-4183-AFA8-C3682F8B54AB",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "2AA40F7F-504D-47A9-9778-EC4CE46EB8BF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Smart Card IO). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data as well as unauthorized access to critical data or complete access to all Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en el componente Java SE de Oracle Java SE (subcomponente: Smart Card IO). Las versiones compatibles que se han visto afectadas son Java SE: 6u161, 7u151, 8u144 y 9. Una vulnerabilidad dif\u00edcilmente explotable permite que un atacante sin autenticar que tenga acceso a red por m\u00faltiples protocolos comprometa la seguridad de Java SE. Para que los ataques tengan \u00e9xito, se necesita la participaci\u00f3n de otra persona diferente del atacante. Los ataques exitosos a esta vulnerabilidad pueden resultar en el acceso no autorizado de actualizaci\u00f3n, inserci\u00f3n o supresi\u00f3n de datos cr\u00edticos o de todos los datos accesibles de Java SE, as\u00ed como el acceso sin autorizaci\u00f3n a datos confidenciales o todos los datos accesibles de Java SE. Nota: Esta vulnerabilidad se aplica a implementaciones Java, normalmente en clientes que ejecutan aplicaciones Java Web Start en sandbox o applets Java en sandbox que cargan y ejecutan c\u00f3digo que no es de confianza (por ejemplo, c\u00f3digo proveniente de internet) y que conf\u00edan en la sandbox de aislado Java para protegerse. Esta vulnerabilidad no se aplica a implementaciones Java, normalmente en servidores, que solo cargan y ejecutan c\u00f3digo de confianza (por ejemplo, c\u00f3digo instalado por un administrador). CVSS 3.0 Base Score 6.8 (impactos en la confidencialidad e integridad). Vector CVSS: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N)."
    }
  ],
  "id": "CVE-2017-10274",
  "lastModified": "2024-11-21T03:05:48.267",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-10-19T17:29:01.873",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/bid/101333"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securitytracker.com/id/1039596"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2998"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2999"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3046"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3047"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3392"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201710-31"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201711-14"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20171019-0001/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2017/dsa-4015"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2017/dsa-4048"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.synology.com/support/security/Synology_SA_17_66_OpenJDK"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/bid/101333"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securitytracker.com/id/1039596"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2998"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2999"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3046"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3047"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3392"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201710-31"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201711-14"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20171019-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2017/dsa-4015"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2017/dsa-4048"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.synology.com/support/security/Synology_SA_17_66_OpenJDK"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-05-15 18:15
Modified
2024-11-21 05:00
Summary
The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space.
References
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://www.openwall.com/lists/oss-security/2020/05/19/6Mailing List, Third Party Advisory
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2020/09/msg00025.htmlMailing List, Third Party Advisory
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2020/10/msg00032.htmlMailing List, Third Party Advisory
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2020/10/msg00034.htmlMailing List, Third Party Advisory
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CBEHRQQZTKJTPQFPY3JAO7MQ4JAFEQNW/
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXGMJHWTMQI34NJZ4BHL3ZVF264AWBF2/
cve@mitre.orghttps://lore.kernel.org/kvm/158871401328.15589.17598154478222071285.stgit%40gimli.home/
cve@mitre.orghttps://lore.kernel.org/kvm/158871570274.15589.10563806532874116326.stgit%40gimli.home/
cve@mitre.orghttps://security.netapp.com/advisory/ntap-20200608-0001/Third Party Advisory
cve@mitre.orghttps://usn.ubuntu.com/4525-1/Third Party Advisory
cve@mitre.orghttps://usn.ubuntu.com/4526-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2020/05/19/6Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2020/09/msg00025.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2020/10/msg00032.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2020/10/msg00034.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CBEHRQQZTKJTPQFPY3JAO7MQ4JAFEQNW/
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXGMJHWTMQI34NJZ4BHL3ZVF264AWBF2/
af854a3a-2127-422b-91ae-364da2661108https://lore.kernel.org/kvm/158871401328.15589.17598154478222071285.stgit%40gimli.home/
af854a3a-2127-422b-91ae-364da2661108https://lore.kernel.org/kvm/158871570274.15589.10563806532874116326.stgit%40gimli.home/
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20200608-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/4525-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/4526-1/Third Party Advisory



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF8D3C1A-7029-4267-B1EA-3D12CAC1EA55",
              "versionEndIncluding": "5.6.13",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
              "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
              "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB9B8171-F6CA-427D-81E0-6536D3BBFA8D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "090AA6F4-4404-4E26-82AB-C3A22636F276",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "95BA156C-C977-4F0C-8DFB-3FAE9CC8C02D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:a700s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDD92BFA-9117-4E6E-A13F-ED064B4B7284",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:a700s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B7DA42F-5D64-4967-A2D4-6210FE507841",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "108A2215-50FB-4074-94CF-C130FA14566D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AFC73CE-ABB9-42D3-9A71-3F5BC5381E0E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "32F0B6C0-F930-480D-962B-3F4EFDCC13C7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "803BC414-B250-4E3A-A478-A3881340D6B8",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FEB3337-BFDE-462A-908B-176F92053CEC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "736AEAE9-782B-4F71-9893-DED53367E102",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h610c_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "89612649-BACF-4FAC-9BA4-324724FD93A6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h610c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3D9B255-C1AF-42D1-BF9B-13642FBDC080",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD7CFE0E-9D1E-4495-B302-89C3096FC0DF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F63A3FA7-AAED-4A9D-9FDE-6195302DA0F6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h615c_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5921A877-18BF-43FE-915C-D226E140ACFC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h615c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7296A1F2-D315-4FD5-8A73-65C480C855BE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space."
    },
    {
      "lang": "es",
      "value": "El controlador VFIO PCI en el kernel de Linux versiones hasta 5.6.13, maneja inapropiadamente los intentos para acceder al espacio de memoria deshabilitado."
    }
  ],
  "id": "CVE-2020-12888",
  "lastModified": "2024-11-21T05:00:29.897",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 4.7,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 4.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-05-15T18:15:13.650",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2020/05/19/6"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CBEHRQQZTKJTPQFPY3JAO7MQ4JAFEQNW/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXGMJHWTMQI34NJZ4BHL3ZVF264AWBF2/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lore.kernel.org/kvm/158871401328.15589.17598154478222071285.stgit%40gimli.home/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lore.kernel.org/kvm/158871570274.15589.10563806532874116326.stgit%40gimli.home/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4525-1/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4526-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2020/05/19/6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CBEHRQQZTKJTPQFPY3JAO7MQ4JAFEQNW/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXGMJHWTMQI34NJZ4BHL3ZVF264AWBF2/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lore.kernel.org/kvm/158871401328.15589.17598154478222071285.stgit%40gimli.home/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lore.kernel.org/kvm/158871570274.15589.10563806532874116326.stgit%40gimli.home/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4525-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4526-1/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-755"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-10-19 17:29
Modified
2024-11-21 03:05
Summary
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAX-WS). Supported versions that are affected are Java SE: 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
secalert_us@oracle.comhttp://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlPatch, Vendor Advisory
secalert_us@oracle.comhttp://www.securityfocus.com/bid/101341Broken Link
secalert_us@oracle.comhttp://www.securitytracker.com/id/1039596Broken Link
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:2998Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:2999Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3046Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3264Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3267Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3268Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3392Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3453Third Party Advisory
secalert_us@oracle.comhttps://lists.debian.org/debian-lts-announce/2017/11/msg00033.htmlMailing List, Third Party Advisory
secalert_us@oracle.comhttps://security.gentoo.org/glsa/201710-31Third Party Advisory
secalert_us@oracle.comhttps://security.gentoo.org/glsa/201711-14Third Party Advisory
secalert_us@oracle.comhttps://security.netapp.com/advisory/ntap-20171019-0001/Third Party Advisory
secalert_us@oracle.comhttps://www.debian.org/security/2017/dsa-4015Third Party Advisory
secalert_us@oracle.comhttps://www.debian.org/security/2017/dsa-4048Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/101341Broken Link
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1039596Broken Link
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2998Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2999Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3046Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3264Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3267Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3268Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3392Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3453Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2017/11/msg00033.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201710-31Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201711-14Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20171019-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2017/dsa-4015Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2017/dsa-4048Third Party Advisory
Impacted products
Vendor Product Version
oracle jdk 1.7.0
oracle jdk 1.8.0
oracle jdk 1.9.0
oracle jre 1.7.0
oracle jre 1.8.0
oracle jre 1.9.0
redhat satellite 5.8
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_eus 7.4
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_server_tus 7.4
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_workstation 7.0
netapp active_iq_unified_manager *
netapp active_iq_unified_manager *
netapp cloud_backup -
netapp e-series_santricity_management_plug-ins -
netapp e-series_santricity_os_controller *
netapp e-series_santricity_storage_manager -
netapp e-series_santricity_web_services -
netapp element_software -
netapp oncommand_balance -
netapp oncommand_insight -
netapp oncommand_performance_manager -
netapp oncommand_shift -
netapp oncommand_unified_manager *
netapp oncommand_unified_manager *
netapp oncommand_unified_manager -
netapp oncommand_workflow_automation -
netapp plug-in_for_symantec_netbackup -
netapp snapmanager -
netapp snapmanager -
netapp steelstore_cloud_integrated_storage -
netapp storage_replication_adapter_for_clustered_data_ontap *
netapp storage_replication_adapter_for_clustered_data_ontap *
netapp vasa_provider_for_clustered_data_ontap *
netapp vasa_provider_for_clustered_data_ontap 6.0
netapp virtual_storage_console *
netapp virtual_storage_console 6.0
debian debian_linux 7.0
debian debian_linux 8.0
debian debian_linux 9.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update151:*:*:*:*:*:*",
              "matchCriteriaId": "B781F1F7-DE18-41F7-83C1-8690B0884DDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update144:*:*:*:*:*:*",
              "matchCriteriaId": "6D36F2A6-1329-4D74-BADC-C22D46CF7CFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "270968EC-7662-41E1-BA9B-D259BEC53A1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update151:*:*:*:*:*:*",
              "matchCriteriaId": "71219100-B476-4062-A40A-13F1B8C7DAED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update144:*:*:*:*:*:*",
              "matchCriteriaId": "FCC055BA-0D21-4D2B-AC9B-B81B8468860C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "66910F84-DDFD-4BA8-BE7F-44EB5E3F9C3D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4F86C3C-B99C-44C6-97D7-163DC3F59687",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5F7E11E-FB34-4467-8919-2B6BEAABF665",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62",
              "versionStartIncluding": "7.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB",
              "versionStartIncluding": "9.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_management_plug-ins:-:*:*:*:*:vmware_vcenter:*:*",
              "matchCriteriaId": "280520BC-070C-4423-A633-E6FE45E53D57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "73F81EC3-4AB0-4CD7-B845-267C5974DE98",
              "versionEndIncluding": "11.70.1",
              "versionStartIncluding": "11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
              "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "698C6261-679D-45C1-A396-57AC96AD64D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BD81527-A341-42C3-9AB9-880D3DB04B08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*",
              "matchCriteriaId": "E32A4C2E-3DA6-4BE5-9D95-9F800B01ED9A",
              "versionEndIncluding": "7.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "1A79A7B7-2CE9-4F5E-B76D-01A882C66226",
              "versionEndIncluding": "7.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*",
              "matchCriteriaId": "3FA5E22C-489B-4C5F-A5F3-C03F45CA8811",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*",
              "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
              "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "6BF60DAD-DAA2-4543-B82E-8E17F7B1DA06",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "1E35D95E-CCBF-4335-A4DB-02218BA172DE",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "13270F58-E106-48CE-9933-E68AABBBFC21",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "923F6B82-6A8B-4994-89F6-C430775D5234",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "B7B42CB6-3C14-4183-AFA8-C3682F8B54AB",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "2AA40F7F-504D-47A9-9778-EC4CE46EB8BF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAX-WS). Supported versions that are affected are Java SE: 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en los componentes Java SE y Java SE Embedded de Oracle Java SE (subcomponente: JAX-WS). Las versiones compatibles que se han visto afectadas son Java SE: 7u151, 8u144 y 9; Java SE Embedded: 8u144. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante sin autenticar que tenga acceso a red por m\u00faltiples protocolos comprometa la seguridad de Java SE y Java SE Embedded. Los ataques exitosos a esta vulnerabilidad pueden dar lugar a la capacidad no autorizada de provocar una denegaci\u00f3n de servicio parcial (DoS parcial) en Java SE y Java SE Embedded. Nota: Esta vulnerabilidad se aplica a implementaciones Java, normalmente en clientes que ejecutan aplicaciones Java Web Start en sandbox o applets Java en sandbox que cargan y ejecutan c\u00f3digo que no es de confianza (por ejemplo, c\u00f3digo proveniente de internet) y que conf\u00edan en la sandbox Java para protegerse. Esta vulnerabilidad no se aplica a implementaciones Java, normalmente en servidores, que solo cargan y ejecutan c\u00f3digo de confianza (por ejemplo, c\u00f3digo instalado por un administrador). CVSS 3.0 Base Score 5.3 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)"
    }
  ],
  "id": "CVE-2017-10350",
  "lastModified": "2024-11-21T03:05:59.190",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-10-19T17:29:04.170",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/bid/101341"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securitytracker.com/id/1039596"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2998"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2999"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3046"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3264"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3267"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3268"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3392"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3453"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201710-31"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201711-14"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20171019-0001/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2017/dsa-4015"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2017/dsa-4048"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/bid/101341"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securitytracker.com/id/1039596"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2998"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2999"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3046"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3264"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3267"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3268"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3392"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3453"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201710-31"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201711-14"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20171019-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2017/dsa-4015"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2017/dsa-4048"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-08-08 15:29
Modified
2024-11-21 03:05
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAX-WS). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L).
References
secalert_us@oracle.comhttp://www.debian.org/security/2017/dsa-3954Third Party Advisory
secalert_us@oracle.comhttp://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlPatch, Vendor Advisory
secalert_us@oracle.comhttp://www.securityfocus.com/bid/99827Broken Link
secalert_us@oracle.comhttp://www.securitytracker.com/id/1038931Broken Link
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:1789Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:1790Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:1791Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:1792Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:2424Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:2469Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:2481Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:2530Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:3453Third Party Advisory
secalert_us@oracle.comhttps://security.gentoo.org/glsa/201709-22Third Party Advisory
secalert_us@oracle.comhttps://security.netapp.com/advisory/ntap-20170720-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2017/dsa-3954Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/99827Broken Link
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1038931Broken Link
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1789Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1790Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1791Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1792Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2424Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2469Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2481Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2530Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3453Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201709-22Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20170720-0001/Third Party Advisory
Impacted products
Vendor Product Version
oracle jdk 1.6.0
oracle jdk 1.7.0
oracle jdk 1.8.0
oracle jre 1.6.0
oracle jre 1.7.0
oracle jre 1.8.0
oracle jrockit r28.3.14
debian debian_linux 8.0
netapp active_iq_unified_manager *
netapp active_iq_unified_manager *
netapp cloud_backup -
netapp e-series_santricity_os_controller *
netapp e-series_santricity_storage_manager -
netapp element_software -
netapp oncommand_balance -
netapp oncommand_insight -
netapp oncommand_performance_manager -
netapp oncommand_shift -
netapp oncommand_unified_manager *
netapp oncommand_unified_manager *
netapp oncommand_unified_manager -
netapp plug-in_for_symantec_netbackup -
netapp snapmanager -
netapp snapmanager -
netapp steelstore_cloud_integrated_storage -
netapp storage_replication_adapter_for_clustered_data_ontap *
netapp storage_replication_adapter_for_clustered_data_ontap 9.6
netapp vasa_provider_for_clustered_data_ontap *
netapp vasa_provider_for_clustered_data_ontap 6.0
netapp virtual_storage_console *
netapp virtual_storage_console 6.0
redhat satellite 5.8
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_eus 7.3
redhat enterprise_linux_eus 7.4
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_aus 7.3
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_server_tus 7.3
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_workstation 7.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update151:*:*:*:*:*:*",
              "matchCriteriaId": "A3322D72-6B56-467E-90E5-5DCE0FA1F431",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update141:*:*:*:*:*:*",
              "matchCriteriaId": "C4D0E043-D34F-446D-879B-692E3CF500C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update131:*:*:*:*:*:*",
              "matchCriteriaId": "106E9F69-857A-42F8-A727-2650C896D3B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update151:*:*:*:*:*:*",
              "matchCriteriaId": "673DD72C-4FC8-406A-A24A-B06DD709649C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update141:*:*:*:*:*:*",
              "matchCriteriaId": "363C8E7E-2EEA-4308-A141-854B9EC17AAB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update131:*:*:*:*:*:*",
              "matchCriteriaId": "595FC4B7-418E-457C-ADCC-0A49A676D629",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jrockit:r28.3.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B1FE26D-1936-475A-B644-BBB4281FB5C1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62",
              "versionStartIncluding": "7.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB",
              "versionStartIncluding": "9.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "73F81EC3-4AB0-4CD7-B845-267C5974DE98",
              "versionEndIncluding": "11.70.1",
              "versionStartIncluding": "11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "698C6261-679D-45C1-A396-57AC96AD64D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BD81527-A341-42C3-9AB9-880D3DB04B08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*",
              "matchCriteriaId": "E32A4C2E-3DA6-4BE5-9D95-9F800B01ED9A",
              "versionEndIncluding": "7.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "1A79A7B7-2CE9-4F5E-B76D-01A882C66226",
              "versionEndIncluding": "7.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*",
              "matchCriteriaId": "3FA5E22C-489B-4C5F-A5F3-C03F45CA8811",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*",
              "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
              "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "1E35D95E-CCBF-4335-A4DB-02218BA172DE",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:9.6:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "B92F025C-D612-4A64-B138-E6B4B113B504",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "13270F58-E106-48CE-9933-E68AABBBFC21",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "923F6B82-6A8B-4994-89F6-C430775D5234",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "B7B42CB6-3C14-4183-AFA8-C3682F8B54AB",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "2AA40F7F-504D-47A9-9778-EC4CE46EB8BF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4F86C3C-B99C-44C6-97D7-163DC3F59687",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "807C024A-F8E8-4B48-A349-4C68CD252CA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAX-WS). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en los componentes Java SE, Java SE Embedded y JRockit de Oracle Java SE (subcomponente: JAX-WS). Las versiones compatibles que se han visto afectadas son JavaSE: 6u151, 7u141 y 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante sin autenticar que tenga acceso a red por HTTP comprometa la seguridad de Java SE, Java SE Embedded y JRockit. Los ataques exitosos a esta vulnerabilidad pueden resultar en un acceso de lectura sin autorizaci\u00f3n de un subconjunto de datos accesibles de Java SE, Java SE Embedded y JRockit. Adem\u00e1s, pueden dar lugar a que el atacante consiga provocar una denegaci\u00f3n de servicio parcial (DoS parcial) de Java SE, Java SE Embedded y JRockit. Nota: Esta vulnerabilidad puede ser explotada mediante aplicaciones Java Web Start en sandbox y applets Java en sandbox. Tambi\u00e9n puede ser explotada proporcionando datos a las API en los componentes especificados sin emplear aplicaciones Java Web Start o applets Java en sandbox, como a trav\u00e9s de un servicio web. CVSS 3.0 Base Score 6.5 (impactos en la confidencialidad y disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)."
    }
  ],
  "id": "CVE-2017-10243",
  "lastModified": "2024-11-21T03:05:43.340",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.4,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.5,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-08-08T15:29:07.177",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-3954"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/bid/99827"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securitytracker.com/id/1038931"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1789"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1790"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1791"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1792"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2424"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2469"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2481"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2530"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3453"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201709-22"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-3954"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/bid/99827"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securitytracker.com/id/1038931"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1789"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1790"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1791"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1792"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2424"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2469"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2481"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2530"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3453"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201709-22"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}