CVE-2017-10109 (GCVE-0-2017-10109)

Vulnerability from cvelistv5 – Published: 2017-08-08 15:00 – Updated: 2024-10-04 19:03
VLAI?
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
Severity ?
No CVSS data available.
CWE
  • Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit.
Assigner
References
https://access.redhat.com/errata/RHSA-2017:1791 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:1790 vendor-advisoryx_refsource_REDHAT
https://security.netapp.com/advisory/ntap-2017072… x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2017:1789 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:2424 vendor-advisoryx_refsource_REDHAT
http://www.securityfocus.com/bid/99847 vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1038931 vdb-entryx_refsource_SECTRACK
https://access.redhat.com/errata/RHSA-2017:1792 vendor-advisoryx_refsource_REDHAT
https://security.gentoo.org/glsa/201709-22 vendor-advisoryx_refsource_GENTOO
http://www.debian.org/security/2017/dsa-3919 vendor-advisoryx_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2017:2481 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:2530 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:3453 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:2469 vendor-advisoryx_refsource_REDHAT
http://www.debian.org/security/2017/dsa-3954 vendor-advisoryx_refsource_DEBIAN
http://www.oracle.com/technetwork/security-adviso… x_refsource_CONFIRM
Impacted products
Vendor Product Version
Oracle Corporation Java Affected: Java SE: 6u151
Affected: 7u141
Affected: 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T17:33:16.701Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2017:1791",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1791"
          },
          {
            "name": "RHSA-2017:1790",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1790"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
          },
          {
            "name": "RHSA-2017:1789",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1789"
          },
          {
            "name": "RHSA-2017:2424",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2424"
          },
          {
            "name": "99847",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/99847"
          },
          {
            "name": "1038931",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038931"
          },
          {
            "name": "RHSA-2017:1792",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1792"
          },
          {
            "name": "GLSA-201709-22",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201709-22"
          },
          {
            "name": "DSA-3919",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3919"
          },
          {
            "name": "RHSA-2017:2481",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2481"
          },
          {
            "name": "RHSA-2017:2530",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2530"
          },
          {
            "name": "RHSA-2017:3453",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3453"
          },
          {
            "name": "RHSA-2017:2469",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2469"
          },
          {
            "name": "DSA-3954",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3954"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2017-10109",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-04T15:36:49.347638Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-04T19:03:14.843Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 6u151"
            },
            {
              "status": "affected",
              "version": "7u141"
            },
            {
              "status": "affected",
              "version": "8u131; Java SE Embedded: 8u131; JRockit: R28.3.14"
            }
          ]
        }
      ],
      "datePublic": "2017-07-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "RHSA-2017:1791",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1791"
        },
        {
          "name": "RHSA-2017:1790",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1790"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
        },
        {
          "name": "RHSA-2017:1789",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1789"
        },
        {
          "name": "RHSA-2017:2424",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2424"
        },
        {
          "name": "99847",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/99847"
        },
        {
          "name": "1038931",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038931"
        },
        {
          "name": "RHSA-2017:1792",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1792"
        },
        {
          "name": "GLSA-201709-22",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201709-22"
        },
        {
          "name": "DSA-3919",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3919"
        },
        {
          "name": "RHSA-2017:2481",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2481"
        },
        {
          "name": "RHSA-2017:2530",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2530"
        },
        {
          "name": "RHSA-2017:3453",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3453"
        },
        {
          "name": "RHSA-2017:2469",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2469"
        },
        {
          "name": "DSA-3954",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3954"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2017-10109",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 6u151"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7u141"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8u131; Java SE Embedded: 8u131; JRockit: R28.3.14"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2017:1791",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1791"
            },
            {
              "name": "RHSA-2017:1790",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1790"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20170720-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
            },
            {
              "name": "RHSA-2017:1789",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1789"
            },
            {
              "name": "RHSA-2017:2424",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2424"
            },
            {
              "name": "99847",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/99847"
            },
            {
              "name": "1038931",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038931"
            },
            {
              "name": "RHSA-2017:1792",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1792"
            },
            {
              "name": "GLSA-201709-22",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201709-22"
            },
            {
              "name": "DSA-3919",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3919"
            },
            {
              "name": "RHSA-2017:2481",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2481"
            },
            {
              "name": "RHSA-2017:2530",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2530"
            },
            {
              "name": "RHSA-2017:3453",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3453"
            },
            {
              "name": "RHSA-2017:2469",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2469"
            },
            {
              "name": "DSA-3954",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3954"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2017-10109",
    "datePublished": "2017-08-08T15:00:00",
    "dateReserved": "2017-06-21T00:00:00",
    "dateUpdated": "2024-10-04T19:03:14.843Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:jdk:1.6.0:update151:*:*:*:*:*:*\", \"matchCriteriaId\": \"A3322D72-6B56-467E-90E5-5DCE0FA1F431\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:jdk:1.7.0:update141:*:*:*:*:*:*\", \"matchCriteriaId\": \"C4D0E043-D34F-446D-879B-692E3CF500C1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:jdk:1.8.0:update131:*:*:*:*:*:*\", \"matchCriteriaId\": \"106E9F69-857A-42F8-A727-2650C896D3B0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:jre:1.6.0:update151:*:*:*:*:*:*\", \"matchCriteriaId\": \"673DD72C-4FC8-406A-A24A-B06DD709649C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:jre:1.7.0:update141:*:*:*:*:*:*\", \"matchCriteriaId\": \"363C8E7E-2EEA-4308-A141-854B9EC17AAB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:jre:1.8.0:update131:*:*:*:*:*:*\", \"matchCriteriaId\": \"595FC4B7-418E-457C-ADCC-0A49A676D629\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:jrockit:r28.3.14:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5B1FE26D-1936-475A-B644-BBB4281FB5C1\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F4F86C3C-B99C-44C6-97D7-163DC3F59687\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"33C068A4-3780-4EAB-A937-6082DF847564\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"807C024A-F8E8-4B48-A349-4C68CD252CA1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F96E3779-F56A-45FF-BB3D-4980527D721E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0CF73560-2F5B-4723-A8A1-9AADBB3ADA00\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5BF3C7A5-9117-42C7-BEA1-4AA378A582EF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"83737173-E12E-4641-BC49-0BD84A6B29D0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9BBCD86A-E6C7-4444-9D74-F861084090F0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"51EF4996-72F4-4FA4-814F-F5991E7A8318\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"98381E61-F082-4302-B51F-5648884F998B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D99A687E-EAE6-417E-A88E-D0082BC194CD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B353CE99-D57C-465B-AAB0-73EF581127D1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7431ABC1-9252-419E-8CC1-311B41360078\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D5F7E11E-FB34-4467-8919-2B6BEAABF665\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B76AA310-FEC7-497F-AF04-C3EC1E76C4CC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"17F256A9-D3B9-4C72-B013-4EFD878BFEA8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E5ED5807-55B7-47C5-97A6-03233F4FBC3A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"825ECE2D-E232-46E0-A047-074B34DB1E97\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*\", \"versionStartIncluding\": \"7.3\", \"matchCriteriaId\": \"BD075607-09B7-493E-8611-66D041FFDA62\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*\", \"versionStartIncluding\": \"9.5\", \"matchCriteriaId\": \"0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5C2089EE-5D7F-47EC-8EA5-0F69790564C4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"11.0\", \"versionEndIncluding\": \"11.70.1\", \"matchCriteriaId\": \"73F81EC3-4AB0-4CD7-B845-267C5974DE98\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0D9CC59D-6182-4B5E-96B5-226FCD343916\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"85DF4B3F-4BBC-42B7-B729-096934523D63\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F1BE6C1F-2565-4E97-92AA-16563E5660A5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*\", \"matchCriteriaId\": \"698C6261-679D-45C1-A396-57AC96AD64D6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3BD81527-A341-42C3-9AB9-880D3DB04B08\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*\", \"versionEndIncluding\": \"7.1\", \"matchCriteriaId\": \"E32A4C2E-3DA6-4BE5-9D95-9F800B01ED9A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*\", \"versionEndIncluding\": \"7.1\", \"matchCriteriaId\": \"1A79A7B7-2CE9-4F5E-B76D-01A882C66226\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*\", \"matchCriteriaId\": \"3FA5E22C-489B-4C5F-A5F3-C03F45CA8811\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FFE0A9D2-9A49-4BF6-BC6F-8249162D8334\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*\", \"matchCriteriaId\": \"26A2B713-7D6D-420A-93A4-E0D983C983DF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*\", \"matchCriteriaId\": \"64DE38C8-94F1-4860-B045-F33928F676A8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E94F7F59-1785-493F-91A7-5F5EA5E87E4D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*\", \"versionStartIncluding\": \"7.2\", \"matchCriteriaId\": \"1E35D95E-CCBF-4335-A4DB-02218BA172DE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:9.6:*:*:*:*:vmware_vsphere:*:*\", \"matchCriteriaId\": \"B92F025C-D612-4A64-B138-E6B4B113B504\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"7.2\", \"matchCriteriaId\": \"13270F58-E106-48CE-9933-E68AABBBFC21\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"923F6B82-6A8B-4994-89F6-C430775D5234\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*\", \"versionStartIncluding\": \"7.2\", \"matchCriteriaId\": \"B7B42CB6-3C14-4183-AFA8-C3682F8B54AB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:*:vmware_vsphere:*:*\", \"matchCriteriaId\": \"2AA40F7F-504D-47A9-9778-EC4CE46EB8BF\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad en los componentes Java SE, Java SE Embedded y JRockit de Oracle Java SE (subcomponente: Serialization). Las versiones compatibles que se han visto afectadas son JavaSE: 6u151, 7u141 y 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Una vulnerabilidad f\\u00e1cilmente explotable permite que un atacante sin autenticar que tenga acceso a red por medio de m\\u00faltiples protocolos comprometa la seguridad de Java SE, Java SE Embedded y JRockit. Los ataques exitosos de esta vulnerabilidad pueden dar lugar a que el atacante consiga provocar una denegaci\\u00f3n de servicio parcial (DoS parcial) de Java SE, Java SE Embedded y JRockit. Nota: Esta vulnerabilidad se aplica a implementaciones Java, normalmente en clientes que ejecutan aplicaciones Java Web Start en sandbox o applets Java en sandbox que cargan y ejecutan c\\u00f3digo que no es de confianza (por ejemplo, c\\u00f3digo proveniente de internet) y que conf\\u00edan en la sandbox de Java para protegerse. Esta vulnerabilidad no se aplica a implementaciones Java, normalmente en servidores, que solo cargan y ejecutan c\\u00f3digo de confianza (por ejemplo, c\\u00f3digo instalado por un administrador). CVSS 3.0 Base Score 5.3 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).\"}]",
      "id": "CVE-2017-10109",
      "lastModified": "2024-11-21T03:05:23.753",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 1.4}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:N/A:P\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2017-08-08T15:29:03.587",
      "references": "[{\"url\": \"http://www.debian.org/security/2017/dsa-3919\", \"source\": \"secalert_us@oracle.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.debian.org/security/2017/dsa-3954\", \"source\": \"secalert_us@oracle.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html\", \"source\": \"secalert_us@oracle.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/99847\", \"source\": \"secalert_us@oracle.com\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://www.securitytracker.com/id/1038931\", \"source\": \"secalert_us@oracle.com\", \"tags\": [\"Broken Link\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2017:1789\", \"source\": \"secalert_us@oracle.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2017:1790\", \"source\": \"secalert_us@oracle.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2017:1791\", \"source\": \"secalert_us@oracle.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2017:1792\", \"source\": \"secalert_us@oracle.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2017:2424\", \"source\": \"secalert_us@oracle.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2017:2469\", \"source\": \"secalert_us@oracle.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2017:2481\", \"source\": \"secalert_us@oracle.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2017:2530\", \"source\": \"secalert_us@oracle.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2017:3453\", \"source\": \"secalert_us@oracle.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/201709-22\", \"source\": \"secalert_us@oracle.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20170720-0001/\", \"source\": \"secalert_us@oracle.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.debian.org/security/2017/dsa-3919\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.debian.org/security/2017/dsa-3954\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/99847\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://www.securitytracker.com/id/1038931\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2017:1789\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2017:1790\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2017:1791\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2017:1792\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2017:2424\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2017:2469\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2017:2481\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2017:2530\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2017:3453\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/201709-22\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20170720-0001/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
      "sourceIdentifier": "secalert_us@oracle.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-10109\",\"sourceIdentifier\":\"secalert_us@oracle.com\",\"published\":\"2017-08-08T15:29:03.587\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad en los componentes Java SE, Java SE Embedded y JRockit de Oracle Java SE (subcomponente: Serialization). Las versiones compatibles que se han visto afectadas son JavaSE: 6u151, 7u141 y 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante sin autenticar que tenga acceso a red por medio de m\u00faltiples protocolos comprometa la seguridad de Java SE, Java SE Embedded y JRockit. Los ataques exitosos de esta vulnerabilidad pueden dar lugar a que el atacante consiga provocar una denegaci\u00f3n de servicio parcial (DoS parcial) de Java SE, Java SE Embedded y JRockit. Nota: Esta vulnerabilidad se aplica a implementaciones Java, normalmente en clientes que ejecutan aplicaciones Java Web Start en sandbox o applets Java en sandbox que cargan y ejecutan c\u00f3digo que no es de confianza (por ejemplo, c\u00f3digo proveniente de internet) y que conf\u00edan en la sandbox de Java para protegerse. Esta vulnerabilidad no se aplica a implementaciones Java, normalmente en servidores, que solo cargan y ejecutan c\u00f3digo de confianza (por ejemplo, c\u00f3digo instalado por un administrador). CVSS 3.0 Base Score 5.3 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jdk:1.6.0:update151:*:*:*:*:*:*\",\"matchCriteriaId\":\"A3322D72-6B56-467E-90E5-5DCE0FA1F431\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jdk:1.7.0:update141:*:*:*:*:*:*\",\"matchCriteriaId\":\"C4D0E043-D34F-446D-879B-692E3CF500C1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jdk:1.8.0:update131:*:*:*:*:*:*\",\"matchCriteriaId\":\"106E9F69-857A-42F8-A727-2650C896D3B0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jre:1.6.0:update151:*:*:*:*:*:*\",\"matchCriteriaId\":\"673DD72C-4FC8-406A-A24A-B06DD709649C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jre:1.7.0:update141:*:*:*:*:*:*\",\"matchCriteriaId\":\"363C8E7E-2EEA-4308-A141-854B9EC17AAB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jre:1.8.0:update131:*:*:*:*:*:*\",\"matchCriteriaId\":\"595FC4B7-418E-457C-ADCC-0A49A676D629\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jrockit:r28.3.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5B1FE26D-1936-475A-B644-BBB4281FB5C1\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4F86C3C-B99C-44C6-97D7-163DC3F59687\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"33C068A4-3780-4EAB-A937-6082DF847564\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"807C024A-F8E8-4B48-A349-4C68CD252CA1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F96E3779-F56A-45FF-BB3D-4980527D721E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0CF73560-2F5B-4723-A8A1-9AADBB3ADA00\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5BF3C7A5-9117-42C7-BEA1-4AA378A582EF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"83737173-E12E-4641-BC49-0BD84A6B29D0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9BBCD86A-E6C7-4444-9D74-F861084090F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51EF4996-72F4-4FA4-814F-F5991E7A8318\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"98381E61-F082-4302-B51F-5648884F998B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D99A687E-EAE6-417E-A88E-D0082BC194CD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B353CE99-D57C-465B-AAB0-73EF581127D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7431ABC1-9252-419E-8CC1-311B41360078\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D5F7E11E-FB34-4467-8919-2B6BEAABF665\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B76AA310-FEC7-497F-AF04-C3EC1E76C4CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"17F256A9-D3B9-4C72-B013-4EFD878BFEA8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E5ED5807-55B7-47C5-97A6-03233F4FBC3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"825ECE2D-E232-46E0-A047-074B34DB1E97\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*\",\"versionStartIncluding\":\"7.3\",\"matchCriteriaId\":\"BD075607-09B7-493E-8611-66D041FFDA62\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*\",\"versionStartIncluding\":\"9.5\",\"matchCriteriaId\":\"0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C2089EE-5D7F-47EC-8EA5-0F69790564C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.0\",\"versionEndIncluding\":\"11.70.1\",\"matchCriteriaId\":\"73F81EC3-4AB0-4CD7-B845-267C5974DE98\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D9CC59D-6182-4B5E-96B5-226FCD343916\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"85DF4B3F-4BBC-42B7-B729-096934523D63\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1BE6C1F-2565-4E97-92AA-16563E5660A5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*\",\"matchCriteriaId\":\"698C6261-679D-45C1-A396-57AC96AD64D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3BD81527-A341-42C3-9AB9-880D3DB04B08\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*\",\"versionEndIncluding\":\"7.1\",\"matchCriteriaId\":\"E32A4C2E-3DA6-4BE5-9D95-9F800B01ED9A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*\",\"versionEndIncluding\":\"7.1\",\"matchCriteriaId\":\"1A79A7B7-2CE9-4F5E-B76D-01A882C66226\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*\",\"matchCriteriaId\":\"3FA5E22C-489B-4C5F-A5F3-C03F45CA8811\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FFE0A9D2-9A49-4BF6-BC6F-8249162D8334\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*\",\"matchCriteriaId\":\"26A2B713-7D6D-420A-93A4-E0D983C983DF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*\",\"matchCriteriaId\":\"64DE38C8-94F1-4860-B045-F33928F676A8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E94F7F59-1785-493F-91A7-5F5EA5E87E4D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*\",\"versionStartIncluding\":\"7.2\",\"matchCriteriaId\":\"1E35D95E-CCBF-4335-A4DB-02218BA172DE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:9.6:*:*:*:*:vmware_vsphere:*:*\",\"matchCriteriaId\":\"B92F025C-D612-4A64-B138-E6B4B113B504\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.2\",\"matchCriteriaId\":\"13270F58-E106-48CE-9933-E68AABBBFC21\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"923F6B82-6A8B-4994-89F6-C430775D5234\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*\",\"versionStartIncluding\":\"7.2\",\"matchCriteriaId\":\"B7B42CB6-3C14-4183-AFA8-C3682F8B54AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:*:vmware_vsphere:*:*\",\"matchCriteriaId\":\"2AA40F7F-504D-47A9-9778-EC4CE46EB8BF\"}]}]}],\"references\":[{\"url\":\"http://www.debian.org/security/2017/dsa-3919\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.debian.org/security/2017/dsa-3954\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/99847\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.securitytracker.com/id/1038931\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:1789\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:1790\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:1791\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:1792\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2424\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2469\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2481\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2530\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:3453\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201709-22\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20170720-0001/\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.debian.org/security/2017/dsa-3919\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.debian.org/security/2017/dsa-3954\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/99847\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.securitytracker.com/id/1038931\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:1789\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:1790\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:1791\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:1792\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2424\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2469\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2481\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2530\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:3453\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201709-22\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20170720-0001/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"cna\": {\"affected\": [{\"product\": \"Java\", \"vendor\": \"Oracle Corporation\", \"versions\": [{\"status\": \"affected\", \"version\": \"Java SE: 6u151\"}, {\"status\": \"affected\", \"version\": \"7u141\"}, {\"status\": \"affected\", \"version\": \"8u131; Java SE Embedded: 8u131; JRockit: R28.3.14\"}]}], \"datePublic\": \"2017-07-18T00:00:00\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).\"}], \"problemTypes\": [{\"descriptions\": [{\"description\": \"Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit.\", \"lang\": \"en\", \"type\": \"text\"}]}], \"providerMetadata\": {\"dateUpdated\": \"2018-01-04T19:57:01\", \"orgId\": \"43595867-4340-4103-b7a2-9a5208d29a85\", \"shortName\": \"oracle\"}, \"references\": [{\"name\": \"RHSA-2017:1791\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"], \"url\": \"https://access.redhat.com/errata/RHSA-2017:1791\"}, {\"name\": \"RHSA-2017:1790\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"], \"url\": \"https://access.redhat.com/errata/RHSA-2017:1790\"}, {\"tags\": [\"x_refsource_CONFIRM\"], \"url\": \"https://security.netapp.com/advisory/ntap-20170720-0001/\"}, {\"name\": \"RHSA-2017:1789\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"], \"url\": \"https://access.redhat.com/errata/RHSA-2017:1789\"}, {\"name\": \"RHSA-2017:2424\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"], \"url\": \"https://access.redhat.com/errata/RHSA-2017:2424\"}, {\"name\": \"99847\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\"], \"url\": \"http://www.securityfocus.com/bid/99847\"}, {\"name\": \"1038931\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\"], \"url\": \"http://www.securitytracker.com/id/1038931\"}, {\"name\": \"RHSA-2017:1792\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"], \"url\": \"https://access.redhat.com/errata/RHSA-2017:1792\"}, {\"name\": \"GLSA-201709-22\", \"tags\": [\"vendor-advisory\", \"x_refsource_GENTOO\"], \"url\": \"https://security.gentoo.org/glsa/201709-22\"}, {\"name\": \"DSA-3919\", \"tags\": [\"vendor-advisory\", \"x_refsource_DEBIAN\"], \"url\": \"http://www.debian.org/security/2017/dsa-3919\"}, {\"name\": \"RHSA-2017:2481\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"], \"url\": \"https://access.redhat.com/errata/RHSA-2017:2481\"}, {\"name\": \"RHSA-2017:2530\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"], \"url\": \"https://access.redhat.com/errata/RHSA-2017:2530\"}, {\"name\": \"RHSA-2017:3453\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"], \"url\": \"https://access.redhat.com/errata/RHSA-2017:3453\"}, {\"name\": \"RHSA-2017:2469\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"], \"url\": \"https://access.redhat.com/errata/RHSA-2017:2469\"}, {\"name\": \"DSA-3954\", \"tags\": [\"vendor-advisory\", \"x_refsource_DEBIAN\"], \"url\": \"http://www.debian.org/security/2017/dsa-3954\"}, {\"tags\": [\"x_refsource_CONFIRM\"], \"url\": \"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html\"}], \"x_legacyV4Record\": {\"CVE_data_meta\": {\"ASSIGNER\": \"secalert_us@oracle.com\", \"ID\": \"CVE-2017-10109\", \"STATE\": \"PUBLIC\"}, \"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"product_name\": \"Java\", \"version\": {\"version_data\": [{\"version_affected\": \"=\", \"version_value\": \"Java SE: 6u151\"}, {\"version_affected\": \"=\", \"version_value\": \"7u141\"}, {\"version_affected\": \"=\", \"version_value\": \"8u131; Java SE Embedded: 8u131; JRockit: R28.3.14\"}]}}]}, \"vendor_name\": \"Oracle Corporation\"}]}}, \"data_format\": \"MITRE\", \"data_type\": \"CVE\", \"data_version\": \"4.0\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit.\"}]}]}, \"references\": {\"reference_data\": [{\"name\": \"RHSA-2017:1791\", \"refsource\": \"REDHAT\", \"url\": \"https://access.redhat.com/errata/RHSA-2017:1791\"}, {\"name\": \"RHSA-2017:1790\", \"refsource\": \"REDHAT\", \"url\": \"https://access.redhat.com/errata/RHSA-2017:1790\"}, {\"name\": \"https://security.netapp.com/advisory/ntap-20170720-0001/\", \"refsource\": \"CONFIRM\", \"url\": \"https://security.netapp.com/advisory/ntap-20170720-0001/\"}, {\"name\": \"RHSA-2017:1789\", \"refsource\": \"REDHAT\", \"url\": \"https://access.redhat.com/errata/RHSA-2017:1789\"}, {\"name\": \"RHSA-2017:2424\", \"refsource\": \"REDHAT\", \"url\": \"https://access.redhat.com/errata/RHSA-2017:2424\"}, {\"name\": \"99847\", \"refsource\": \"BID\", \"url\": \"http://www.securityfocus.com/bid/99847\"}, {\"name\": \"1038931\", \"refsource\": \"SECTRACK\", \"url\": \"http://www.securitytracker.com/id/1038931\"}, {\"name\": \"RHSA-2017:1792\", \"refsource\": \"REDHAT\", \"url\": \"https://access.redhat.com/errata/RHSA-2017:1792\"}, {\"name\": \"GLSA-201709-22\", \"refsource\": \"GENTOO\", \"url\": \"https://security.gentoo.org/glsa/201709-22\"}, {\"name\": \"DSA-3919\", \"refsource\": \"DEBIAN\", \"url\": \"http://www.debian.org/security/2017/dsa-3919\"}, {\"name\": \"RHSA-2017:2481\", \"refsource\": \"REDHAT\", \"url\": \"https://access.redhat.com/errata/RHSA-2017:2481\"}, {\"name\": \"RHSA-2017:2530\", \"refsource\": \"REDHAT\", \"url\": \"https://access.redhat.com/errata/RHSA-2017:2530\"}, {\"name\": \"RHSA-2017:3453\", \"refsource\": \"REDHAT\", \"url\": \"https://access.redhat.com/errata/RHSA-2017:3453\"}, {\"name\": \"RHSA-2017:2469\", \"refsource\": \"REDHAT\", \"url\": \"https://access.redhat.com/errata/RHSA-2017:2469\"}, {\"name\": \"DSA-3954\", \"refsource\": \"DEBIAN\", \"url\": \"http://www.debian.org/security/2017/dsa-3954\"}, {\"name\": \"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html\", \"refsource\": \"CONFIRM\", \"url\": \"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html\"}]}}}, \"adp\": [{\"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-05T17:33:16.701Z\"}, \"title\": \"CVE Program Container\", \"references\": [{\"name\": \"RHSA-2017:1791\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"], \"url\": \"https://access.redhat.com/errata/RHSA-2017:1791\"}, {\"name\": \"RHSA-2017:1790\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"], \"url\": \"https://access.redhat.com/errata/RHSA-2017:1790\"}, {\"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"], \"url\": \"https://security.netapp.com/advisory/ntap-20170720-0001/\"}, {\"name\": \"RHSA-2017:1789\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"], \"url\": \"https://access.redhat.com/errata/RHSA-2017:1789\"}, {\"name\": \"RHSA-2017:2424\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"], \"url\": \"https://access.redhat.com/errata/RHSA-2017:2424\"}, {\"name\": \"99847\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\", \"x_transferred\"], \"url\": \"http://www.securityfocus.com/bid/99847\"}, {\"name\": \"1038931\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\", \"x_transferred\"], \"url\": \"http://www.securitytracker.com/id/1038931\"}, {\"name\": \"RHSA-2017:1792\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"], \"url\": \"https://access.redhat.com/errata/RHSA-2017:1792\"}, {\"name\": \"GLSA-201709-22\", \"tags\": [\"vendor-advisory\", \"x_refsource_GENTOO\", \"x_transferred\"], \"url\": \"https://security.gentoo.org/glsa/201709-22\"}, {\"name\": \"DSA-3919\", \"tags\": [\"vendor-advisory\", \"x_refsource_DEBIAN\", \"x_transferred\"], \"url\": \"http://www.debian.org/security/2017/dsa-3919\"}, {\"name\": \"RHSA-2017:2481\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"], \"url\": \"https://access.redhat.com/errata/RHSA-2017:2481\"}, {\"name\": \"RHSA-2017:2530\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"], \"url\": \"https://access.redhat.com/errata/RHSA-2017:2530\"}, {\"name\": \"RHSA-2017:3453\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"], \"url\": \"https://access.redhat.com/errata/RHSA-2017:3453\"}, {\"name\": \"RHSA-2017:2469\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"], \"url\": \"https://access.redhat.com/errata/RHSA-2017:2469\"}, {\"name\": \"DSA-3954\", \"tags\": [\"vendor-advisory\", \"x_refsource_DEBIAN\", \"x_transferred\"], \"url\": \"http://www.debian.org/security/2017/dsa-3954\"}, {\"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"], \"url\": \"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html\"}]}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2017-10109\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-04T15:36:49.347638Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-04T15:37:08.936Z\"}}]}",
      "cveMetadata": "{\"assignerOrgId\": \"43595867-4340-4103-b7a2-9a5208d29a85\", \"assignerShortName\": \"oracle\", \"cveId\": \"CVE-2017-10109\", \"datePublished\": \"2017-08-08T15:00:00\", \"dateReserved\": \"2017-06-21T00:00:00\", \"dateUpdated\": \"2024-10-04T19:03:14.843Z\", \"state\": \"PUBLISHED\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.