cvelistv5 - cve-2017-10117

CVE-2017-10117 (GCVE-0-2017-10117)

Vulnerability from cvelistv5 – Published: 2017-08-08 15:00 – Updated: 2024-10-04 19:02

Summary

Vulnerability in the Java Advanced Management Console component of Oracle Java SE (subcomponent: Server). The supported version that is affected is Java Advanced Management Console: 2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Java Advanced Management Console. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java Advanced Management Console accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

Severity ?

No CVSS data available.

CWE

Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Java Advanced Management Console. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java Advanced Management Console accessible data.

Assigner

oracle

References

URL

Tags

	http://www.securityfocus.com/bid/99835	vdb-entryx_refsource_BID
	https://security.netapp.com/advisory/ntap-2017072…	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1038931	vdb-entryx_refsource_SECTRACK
	https://security.gentoo.org/glsa/201709-22	vendor-advisoryx_refsource_GENTOO
	http://www.oracle.com/technetwork/security-adviso…	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Oracle Corporation	Java	Affected: Java Advanced Management Console: 2.6

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T17:33:16.296Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "99835",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/99835"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
          },
          {
            "name": "1038931",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038931"
          },
          {
            "name": "GLSA-201709-22",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201709-22"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2017-10117",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-04T15:36:47.428478Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-04T19:02:14.578Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java Advanced Management Console: 2.6"
            }
          ]
        }
      ],
      "datePublic": "2017-07-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java Advanced Management Console component of Oracle Java SE (subcomponent: Server). The supported version that is affected is Java Advanced Management Console: 2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Java Advanced Management Console. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java Advanced Management Console accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Java Advanced Management Console.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of Java Advanced Management Console accessible data.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-09T10:57:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "99835",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/99835"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
        },
        {
          "name": "1038931",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038931"
        },
        {
          "name": "GLSA-201709-22",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201709-22"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2017-10117",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java Advanced Management Console: 2.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java Advanced Management Console component of Oracle Java SE (subcomponent: Server). The supported version that is affected is Java Advanced Management Console: 2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Java Advanced Management Console. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java Advanced Management Console accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Java Advanced Management Console.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of Java Advanced Management Console accessible data."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "99835",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/99835"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20170720-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
            },
            {
              "name": "1038931",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038931"
            },
            {
              "name": "GLSA-201709-22",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201709-22"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2017-10117",
    "datePublished": "2017-08-08T15:00:00",
    "dateReserved": "2017-06-21T00:00:00",
    "dateUpdated": "2024-10-04T19:02:14.578Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:java_advanced_management_console:2.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"15058582-065B-4EDA-834C-0F192F10A979\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Vulnerability in the Java Advanced Management Console component of Oracle Java SE (subcomponent: Server). The supported version that is affected is Java Advanced Management Console: 2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Java Advanced Management Console. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java Advanced Management Console accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad en el componente Java Advanced Management Console de Oracle Java SE (subcomponente: Server). La versi\\u00f3n compatible afectada es Java Advanced Management Console: 2.6. Una vulnerabilidad f\\u00e1cilmente explotable permite que un atacante sin autenticar que tenga acceso a red por HTTP comprometa la seguridad de Java Advanced Management Console. Los ataques exitosos a esta vulnerabilidad pueden resultar en un acceso de lectura sin autorizaci\\u00f3n a un subconjunto de datos accesibles de Java Advanced Management Console. CVSS 3.0 Base Score 5.3 (impactos en la confidencialidad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).\"}]",
      "id": "CVE-2017-10117",
      "lastModified": "2024-11-21T03:05:25.243",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 1.4}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2017-08-08T15:29:03.850",
      "references": "[{\"url\": \"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html\", \"source\": \"secalert_us@oracle.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/99835\", \"source\": \"secalert_us@oracle.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1038931\", \"source\": \"secalert_us@oracle.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://security.gentoo.org/glsa/201709-22\", \"source\": \"secalert_us@oracle.com\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20170720-0001/\", \"source\": \"secalert_us@oracle.com\"}, {\"url\": \"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/99835\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1038931\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://security.gentoo.org/glsa/201709-22\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20170720-0001/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "secalert_us@oracle.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-10117\",\"sourceIdentifier\":\"secalert_us@oracle.com\",\"published\":\"2017-08-08T15:29:03.850\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Vulnerability in the Java Advanced Management Console component of Oracle Java SE (subcomponent: Server). The supported version that is affected is Java Advanced Management Console: 2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Java Advanced Management Console. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java Advanced Management Console accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad en el componente Java Advanced Management Console de Oracle Java SE (subcomponente: Server). La versi\u00f3n compatible afectada es Java Advanced Management Console: 2.6. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante sin autenticar que tenga acceso a red por HTTP comprometa la seguridad de Java Advanced Management Console. Los ataques exitosos a esta vulnerabilidad pueden resultar en un acceso de lectura sin autorizaci\u00f3n a un subconjunto de datos accesibles de Java Advanced Management Console. CVSS 3.0 Base Score 5.3 (impactos en la confidencialidad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:java_advanced_management_console:2.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"15058582-065B-4EDA-834C-0F192F10A979\"}]}]}],\"references\":[{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/99835\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1038931\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://security.gentoo.org/glsa/201709-22\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20170720-0001/\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/99835\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1038931\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://security.gentoo.org/glsa/201709-22\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20170720-0001/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
    "vulnrichment": {
      "containers": "{\"cna\": {\"affected\": [{\"product\": \"Java\", \"vendor\": \"Oracle Corporation\", \"versions\": [{\"status\": \"affected\", \"version\": \"Java Advanced Management Console: 2.6\"}]}], \"datePublic\": \"2017-07-18T00:00:00\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"Vulnerability in the Java Advanced Management Console component of Oracle Java SE (subcomponent: Server). The supported version that is affected is Java Advanced Management Console: 2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Java Advanced Management Console. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java Advanced Management Console accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).\"}], \"problemTypes\": [{\"descriptions\": [{\"description\": \"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Java Advanced Management Console.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of Java Advanced Management Console accessible data.\", \"lang\": \"en\", \"type\": \"text\"}]}], \"providerMetadata\": {\"dateUpdated\": \"2017-11-09T10:57:01\", \"orgId\": \"43595867-4340-4103-b7a2-9a5208d29a85\", \"shortName\": \"oracle\"}, \"references\": [{\"name\": \"99835\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\"], \"url\": \"http://www.securityfocus.com/bid/99835\"}, {\"tags\": [\"x_refsource_CONFIRM\"], \"url\": \"https://security.netapp.com/advisory/ntap-20170720-0001/\"}, {\"name\": \"1038931\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\"], \"url\": \"http://www.securitytracker.com/id/1038931\"}, {\"name\": \"GLSA-201709-22\", \"tags\": [\"vendor-advisory\", \"x_refsource_GENTOO\"], \"url\": \"https://security.gentoo.org/glsa/201709-22\"}, {\"tags\": [\"x_refsource_CONFIRM\"], \"url\": \"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html\"}], \"x_legacyV4Record\": {\"CVE_data_meta\": {\"ASSIGNER\": \"secalert_us@oracle.com\", \"ID\": \"CVE-2017-10117\", \"STATE\": \"PUBLIC\"}, \"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"product_name\": \"Java\", \"version\": {\"version_data\": [{\"version_affected\": \"=\", \"version_value\": \"Java Advanced Management Console: 2.6\"}]}}]}, \"vendor_name\": \"Oracle Corporation\"}]}}, \"data_format\": \"MITRE\", \"data_type\": \"CVE\", \"data_version\": \"4.0\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"Vulnerability in the Java Advanced Management Console component of Oracle Java SE (subcomponent: Server). The supported version that is affected is Java Advanced Management Console: 2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Java Advanced Management Console. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java Advanced Management Console accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Java Advanced Management Console.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of Java Advanced Management Console accessible data.\"}]}]}, \"references\": {\"reference_data\": [{\"name\": \"99835\", \"refsource\": \"BID\", \"url\": \"http://www.securityfocus.com/bid/99835\"}, {\"name\": \"https://security.netapp.com/advisory/ntap-20170720-0001/\", \"refsource\": \"CONFIRM\", \"url\": \"https://security.netapp.com/advisory/ntap-20170720-0001/\"}, {\"name\": \"1038931\", \"refsource\": \"SECTRACK\", \"url\": \"http://www.securitytracker.com/id/1038931\"}, {\"name\": \"GLSA-201709-22\", \"refsource\": \"GENTOO\", \"url\": \"https://security.gentoo.org/glsa/201709-22\"}, {\"name\": \"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html\", \"refsource\": \"CONFIRM\", \"url\": \"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html\"}]}}}, \"adp\": [{\"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-05T17:33:16.296Z\"}, \"title\": \"CVE Program Container\", \"references\": [{\"name\": \"99835\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\", \"x_transferred\"], \"url\": \"http://www.securityfocus.com/bid/99835\"}, {\"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"], \"url\": \"https://security.netapp.com/advisory/ntap-20170720-0001/\"}, {\"name\": \"1038931\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\", \"x_transferred\"], \"url\": \"http://www.securitytracker.com/id/1038931\"}, {\"name\": \"GLSA-201709-22\", \"tags\": [\"vendor-advisory\", \"x_refsource_GENTOO\", \"x_transferred\"], \"url\": \"https://security.gentoo.org/glsa/201709-22\"}, {\"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"], \"url\": \"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html\"}]}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2017-10117\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-04T15:36:47.428478Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-04T15:37:06.668Z\"}}]}",
      "cveMetadata": "{\"assignerOrgId\": \"43595867-4340-4103-b7a2-9a5208d29a85\", \"assignerShortName\": \"oracle\", \"cveId\": \"CVE-2017-10117\", \"datePublished\": \"2017-08-08T15:00:00\", \"dateReserved\": \"2017-06-21T00:00:00\", \"dateUpdated\": \"2024-10-04T19:02:14.578Z\", \"state\": \"PUBLISHED\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CNVD-2017-28222

Vulnerability from cnvd - Published: 2017-09-26

Title

Oracle Java Advanced Management Console未授权读取漏洞

Description

Oracle Java SE是美国甲骨文（Oracle）公司的一套标准版Java平台，用于开发和部署桌面、服务器以及嵌入设备和实时环境中的Java应用程序。Java Advanced Management Console是其中的一个Java高级管理控制台组件，用于创建部署规则和规则集，管理Java应用程序。 Oracle Java SE中的Java Advanced Management Console组件2.6版本的Server子组件存在安全漏洞。远程攻击者可利用该漏洞未授权读取数据，影响数据的保密性。

Severity

中

Patch Name

Oracle Java Advanced Management Console未授权读取漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

Reference

http://www.securityfocus.com/bid/99835

Impacted products

Name
Oracle Java Advanced Management Console 2.6

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "99835"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-10117",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10117"
    }
  },
  "description": "Oracle Java SE\u662f\u7f8e\u56fd\u7532\u9aa8\u6587\uff08Oracle\uff09\u516c\u53f8\u7684\u4e00\u5957\u6807\u51c6\u7248Java\u5e73\u53f0\uff0c\u7528\u4e8e\u5f00\u53d1\u548c\u90e8\u7f72\u684c\u9762\u3001\u670d\u52a1\u5668\u4ee5\u53ca\u5d4c\u5165\u8bbe\u5907\u548c\u5b9e\u65f6\u73af\u5883\u4e2d\u7684Java\u5e94\u7528\u7a0b\u5e8f\u3002Java Advanced Management Console\u662f\u5176\u4e2d\u7684\u4e00\u4e2aJava\u9ad8\u7ea7\u7ba1\u7406\u63a7\u5236\u53f0\u7ec4\u4ef6\uff0c\u7528\u4e8e\u521b\u5efa\u90e8\u7f72\u89c4\u5219\u548c\u89c4\u5219\u96c6\uff0c\u7ba1\u7406Java\u5e94\u7528\u7a0b\u5e8f\u3002\r\n\r\nOracle Java SE\u4e2d\u7684Java Advanced Management Console\u7ec4\u4ef62.6\u7248\u672c\u7684Server\u5b50\u7ec4\u4ef6\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u672a\u6388\u6743\u8bfb\u53d6\u6570\u636e\uff0c\u5f71\u54cd\u6570\u636e\u7684\u4fdd\u5bc6\u6027\u3002",
  "discovererName": "Oracle",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttp://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-28222",
  "openTime": "2017-09-26",
  "patchDescription": "Oracle Java SE\u662f\u7f8e\u56fd\u7532\u9aa8\u6587\uff08Oracle\uff09\u516c\u53f8\u7684\u4e00\u5957\u6807\u51c6\u7248Java\u5e73\u53f0\uff0c\u7528\u4e8e\u5f00\u53d1\u548c\u90e8\u7f72\u684c\u9762\u3001\u670d\u52a1\u5668\u4ee5\u53ca\u5d4c\u5165\u8bbe\u5907\u548c\u5b9e\u65f6\u73af\u5883\u4e2d\u7684Java\u5e94\u7528\u7a0b\u5e8f\u3002Java Advanced Management Console\u662f\u5176\u4e2d\u7684\u4e00\u4e2aJava\u9ad8\u7ea7\u7ba1\u7406\u63a7\u5236\u53f0\u7ec4\u4ef6\uff0c\u7528\u4e8e\u521b\u5efa\u90e8\u7f72\u89c4\u5219\u548c\u89c4\u5219\u96c6\uff0c\u7ba1\u7406Java\u5e94\u7528\u7a0b\u5e8f\u3002\r\n\r\nOracle Java SE\u4e2d\u7684Java Advanced Management Console\u7ec4\u4ef62.6\u7248\u672c\u7684Server\u5b50\u7ec4\u4ef6\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u672a\u6388\u6743\u8bfb\u53d6\u6570\u636e\uff0c\u5f71\u54cd\u6570\u636e\u7684\u4fdd\u5bc6\u6027\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Oracle Java Advanced Management Console\u672a\u6388\u6743\u8bfb\u53d6\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Oracle Java Advanced Management Console 2.6"
  },
  "referenceLink": "http://www.securityfocus.com/bid/99835",
  "serverity": "\u4e2d",
  "submitTime": "2017-08-10",
  "title": "Oracle Java Advanced Management Console\u672a\u6388\u6743\u8bfb\u53d6\u6f0f\u6d1e"
}

GHSA-7CC6-GWR2-G44Q

Vulnerability from github – Published: 2022-05-13 01:41 – Updated: 2025-04-20 03:42

Details

Severity ?

5.3 (Medium)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-10117"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-08-08T15:29:00Z",
    "severity": "MODERATE"
  },
  "details": "Vulnerability in the Java Advanced Management Console component of Oracle Java SE (subcomponent: Server). The supported version that is affected is Java Advanced Management Console: 2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Java Advanced Management Console. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java Advanced Management Console accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).",
  "id": "GHSA-7cc6-gwr2-g44q",
  "modified": "2025-04-20T03:42:31Z",
  "published": "2022-05-13T01:41:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10117"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201709-22"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20170720-0001"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/99835"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1038931"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

CERTFR-2017-AVI-223

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans Oracle Java SE. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un déni de service et une atteinte à l'intégrité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Oracle	Java SE	Java SE versions 6u151, 7u141 et 8u131
Oracle	Java SE	Java Advanced Management Console version 2.6
Oracle	Java SE	JRockit version R28.3.14
Oracle	Java SE	Java SE Embedded version 8u131

References

Title

Publication Time

Tags

Bulletin de sécurité Oracle cpujul2017-3236622 du 17 juillet 2017	None	vendor-advisory
Bulletin de sécurité Oracle cpujul2017-3236622 du 17 juillet 2017	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Java SE versions 6u151, 7u141 et 8u131",
      "product": {
        "name": "Java SE",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Java Advanced Management Console version 2.6",
      "product": {
        "name": "Java SE",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "JRockit version R28.3.14",
      "product": {
        "name": "Java SE",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Java SE Embedded version 8u131",
      "product": {
        "name": "Java SE",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-10176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-10176"
    },
    {
      "name": "CVE-2017-10067",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-10067"
    },
    {
      "name": "CVE-2017-10087",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-10087"
    },
    {
      "name": "CVE-2017-10102",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-10102"
    },
    {
      "name": "CVE-2017-10118",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-10118"
    },
    {
      "name": "CVE-2017-10125",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-10125"
    },
    {
      "name": "CVE-2017-10121",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-10121"
    },
    {
      "name": "CVE-2017-10114",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-10114"
    },
    {
      "name": "CVE-2017-10074",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-10074"
    },
    {
      "name": "CVE-2017-10111",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-10111"
    },
    {
      "name": "CVE-2017-10105",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-10105"
    },
    {
      "name": "CVE-2017-10104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-10104"
    },
    {
      "name": "CVE-2017-10198",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-10198"
    },
    {
      "name": "CVE-2017-10096",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-10096"
    },
    {
      "name": "CVE-2017-10135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-10135"
    },
    {
      "name": "CVE-2017-10115",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-10115"
    },
    {
      "name": "CVE-2017-10145",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-10145"
    },
    {
      "name": "CVE-2017-10081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-10081"
    },
    {
      "name": "CVE-2017-10116",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-10116"
    },
    {
      "name": "CVE-2017-10086",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-10086"
    },
    {
      "name": "CVE-2017-10117",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-10117"
    },
    {
      "name": "CVE-2017-10107",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-10107"
    },
    {
      "name": "CVE-2017-10193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-10193"
    },
    {
      "name": "CVE-2017-10110",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-10110"
    },
    {
      "name": "CVE-2017-10108",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-10108"
    },
    {
      "name": "CVE-2017-10243",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-10243"
    },
    {
      "name": "CVE-2017-10101",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-10101"
    },
    {
      "name": "CVE-2017-10089",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-10089"
    },
    {
      "name": "CVE-2017-10078",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-10078"
    },
    {
      "name": "CVE-2017-10053",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-10053"
    },
    {
      "name": "CVE-2017-10090",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-10090"
    },
    {
      "name": "CVE-2017-10109",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-10109"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujul2017-3236622 du 17    juillet 2017",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
    }
  ],
  "reference": "CERTFR-2017-AVI-223",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2017-07-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eOracle Java SE\u003c/span\u003e. Certaines d\u0027entre elles permettent\n\u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par\nl\u0027\u00e9diteur, un d\u00e9ni de service et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Java SE",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujul2017-3236622 du 17 juillet 2017",
      "url": null
    }
  ]
}

CERTFR-2017-AVI-223

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Oracle	Java SE	Java SE versions 6u151, 7u141 et 8u131
Oracle	Java SE	Java Advanced Management Console version 2.6
Oracle	Java SE	JRockit version R28.3.14
Oracle	Java SE	Java SE Embedded version 8u131

References

Title

Publication Time

Tags

Bulletin de sécurité Oracle cpujul2017-3236622 du 17 juillet 2017	None	vendor-advisory
Bulletin de sécurité Oracle cpujul2017-3236622 du 17 juillet 2017	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Java SE versions 6u151, 7u141 et 8u131",
      "product": {
        "name": "Java SE",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Java Advanced Management Console version 2.6",
      "product": {
        "name": "Java SE",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "JRockit version R28.3.14",
      "product": {
        "name": "Java SE",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Java SE Embedded version 8u131",
      "product": {
        "name": "Java SE",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-10176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-10176"
    },
    {
      "name": "CVE-2017-10067",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-10067"
    },
    {
      "name": "CVE-2017-10087",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-10087"
    },
    {
      "name": "CVE-2017-10102",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-10102"
    },
    {
      "name": "CVE-2017-10118",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-10118"
    },
    {
      "name": "CVE-2017-10125",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-10125"
    },
    {
      "name": "CVE-2017-10121",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-10121"
    },
    {
      "name": "CVE-2017-10114",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-10114"
    },
    {
      "name": "CVE-2017-10074",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-10074"
    },
    {
      "name": "CVE-2017-10111",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-10111"
    },
    {
      "name": "CVE-2017-10105",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-10105"
    },
    {
      "name": "CVE-2017-10104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-10104"
    },
    {
      "name": "CVE-2017-10198",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-10198"
    },
    {
      "name": "CVE-2017-10096",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-10096"
    },
    {
      "name": "CVE-2017-10135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-10135"
    },
    {
      "name": "CVE-2017-10115",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-10115"
    },
    {
      "name": "CVE-2017-10145",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-10145"
    },
    {
      "name": "CVE-2017-10081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-10081"
    },
    {
      "name": "CVE-2017-10116",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-10116"
    },
    {
      "name": "CVE-2017-10086",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-10086"
    },
    {
      "name": "CVE-2017-10117",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-10117"
    },
    {
      "name": "CVE-2017-10107",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-10107"
    },
    {
      "name": "CVE-2017-10193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-10193"
    },
    {
      "name": "CVE-2017-10110",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-10110"
    },
    {
      "name": "CVE-2017-10108",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-10108"
    },
    {
      "name": "CVE-2017-10243",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-10243"
    },
    {
      "name": "CVE-2017-10101",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-10101"
    },
    {
      "name": "CVE-2017-10089",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-10089"
    },
    {
      "name": "CVE-2017-10078",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-10078"
    },
    {
      "name": "CVE-2017-10053",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-10053"
    },
    {
      "name": "CVE-2017-10090",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-10090"
    },
    {
      "name": "CVE-2017-10109",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-10109"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujul2017-3236622 du 17    juillet 2017",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
    }
  ],
  "reference": "CERTFR-2017-AVI-223",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2017-07-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eOracle Java SE\u003c/span\u003e. Certaines d\u0027entre elles permettent\n\u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par\nl\u0027\u00e9diteur, un d\u00e9ni de service et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Java SE",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujul2017-3236622 du 17 juillet 2017",
      "url": null
    }
  ]
}

FKIE_CVE-2017-10117

Vulnerability from fkie_nvd - Published: 2017-08-08 15:29 - Updated: 2025-04-20 01:37

Severity ?

5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Summary

References

URL	Tags
secalert_us@oracle.com	http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html	Patch, Vendor Advisory
secalert_us@oracle.com	http://www.securityfocus.com/bid/99835	Third Party Advisory, VDB Entry
secalert_us@oracle.com	http://www.securitytracker.com/id/1038931	Third Party Advisory, VDB Entry
secalert_us@oracle.com	https://security.gentoo.org/glsa/201709-22
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20170720-0001/
af854a3a-2127-422b-91ae-364da2661108	http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/99835	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1038931	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/201709-22
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20170720-0001/

Impacted products

	Vendor	Product	Version
	oracle	java_advanced_management_console	2.6

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:java_advanced_management_console:2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "15058582-065B-4EDA-834C-0F192F10A979",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java Advanced Management Console component of Oracle Java SE (subcomponent: Server). The supported version that is affected is Java Advanced Management Console: 2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Java Advanced Management Console. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java Advanced Management Console accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en el componente Java Advanced Management Console de Oracle Java SE (subcomponente: Server). La versi\u00f3n compatible afectada es Java Advanced Management Console: 2.6. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante sin autenticar que tenga acceso a red por HTTP comprometa la seguridad de Java Advanced Management Console. Los ataques exitosos a esta vulnerabilidad pueden resultar en un acceso de lectura sin autorizaci\u00f3n a un subconjunto de datos accesibles de Java Advanced Management Console. CVSS 3.0 Base Score 5.3 (impactos en la confidencialidad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)."
    }
  ],
  "id": "CVE-2017-10117",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-08-08T15:29:03.850",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/99835"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1038931"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://security.gentoo.org/glsa/201709-22"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/99835"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1038931"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/201709-22"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

WID-SEC-W-2025-1210

Vulnerability from csaf_certbund - Published: 2017-07-18 22:00 - Updated: 2025-06-02 22:00

Summary

Oracle Java SE: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Die Java Platform, Standard Edition (SE) ist eine Sammlung von Java-APIs (JDK) und der Java Laufzeit Umgebung (JRE). Java Standard Edition (SE) Embedded ist die Laufzeitumgebung für die Java-Plattform des US-Unternehmens Oracle Corporation für Embedded Systems. Oracle JRockit JVM ist eine leistungsfähige Java Virtual Machine, die in Oracle Fusion Middleware enthalten ist.

Angriff

Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Java SE, Oracle Java SE Embedded und Oracle JRockit ausnutzen,um Vertraulichkeit, Verfügbarkeit und Integrität zu gefährden.

Betroffene Betriebssysteme

- F5 Networks - Linux - UNIX - Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Die Java Platform, Standard Edition (SE) ist eine Sammlung von Java-APIs (JDK) und der Java Laufzeit Umgebung (JRE).\r\nJava Standard Edition (SE) Embedded ist die Laufzeitumgebung f\u00fcr die Java-Plattform des US-Unternehmens Oracle Corporation f\u00fcr Embedded Systems.\r\nOracle JRockit JVM ist eine leistungsf\u00e4hige Java Virtual Machine, die in Oracle Fusion Middleware enthalten ist.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Java SE, Oracle Java SE Embedded und Oracle JRockit ausnutzen,um Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t zu gef\u00e4hrden.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- F5 Networks\n- Linux\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-1210 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2017/wid-sec-w-2025-1210.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-1210 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1210"
      },
      {
        "category": "external",
        "summary": "Oracle Critical Patch Update Advisory - July 2017 - Appendix - Oracle Java SE vom 2017-07-18",
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html#AppendixJAVA"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2017:1792 vom 2017-07-20",
        "url": "https://access.redhat.com/errata/RHSA-2017:1792"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2017:1791 vom 2017-07-20",
        "url": "https://access.redhat.com/errata/RHSA-2017:1791"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2017:1790 vom 2017-07-20",
        "url": "https://access.redhat.com/errata/RHSA-2017:1790"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2017:1789 vom 2017-07-20",
        "url": "https://access.redhat.com/errata/RHSA-2017:1789"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2017-1789 vom 2017-07-21",
        "url": "http://linux.oracle.com/errata/ELSA-2017-1789.html"
      },
      {
        "category": "external",
        "summary": "CentOS-announce CESA-2017:1789  vom 2017-07-23",
        "url": "https://lists.centos.org/pipermail/centos-announce/2017-July/022508.html"
      },
      {
        "category": "external",
        "summary": "CentOS-announce CESA-2017:1789  vom 2017-07-23",
        "url": "https://lists.centos.org/pipermail/centos-announce/2017-July/022509.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-3919-1 vom 2017-07-25",
        "url": "https://lists.debian.org/debian-security-announce/2017/msg00181.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-3366-1 vom 2017-07-27",
        "url": "http://www.ubuntu.com/usn/usn-3366-1/"
      },
      {
        "category": "external",
        "summary": "Xerox Security Bulletin XRX17-018 vom 2017-08-02",
        "url": "https://security.business.xerox.com/wp-content/uploads/2017/08/cert_XRX17-018_FFPS2-1_Standalone_Aug2017-1.pdf"
      },
      {
        "category": "external",
        "summary": "RedHat Security Advisory RHSA-2017:2424",
        "url": "https://access.redhat.com/errata/RHSA-2017:2424"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2017-2424 vom 2017-08-09",
        "url": "http://linux.oracle.com/errata/ELSA-2017-2424.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2017:2469 vom 2017-08-14",
        "url": "https://access.redhat.com/errata/RHSA-2017:2469"
      },
      {
        "category": "external",
        "summary": "Xerox Security Bulletin XRX17-020",
        "url": "https://security.business.xerox.com/wp-content/uploads/2017/08/cert_XRX17-020_FFPSv8_UpdateManager_Aug2017-1.pdf"
      },
      {
        "category": "external",
        "summary": "Xerox Security Bulletin XRX17-019",
        "url": "https://security.business.xerox.com/wp-content/uploads/2017/08/cert_XRX17-019_FFPSv8_MediaDelivery_Aug2017-1.pdf"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2017:2481 vom 2017-08-16",
        "url": "https://access.redhat.com/errata/RHSA-2017:2481"
      },
      {
        "category": "external",
        "summary": "CentOS-announce CESA-2017:2424 vom 2017-08-15",
        "url": "https://lists.centos.org/pipermail/centos-announce/2017-August/022517.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2017:2175-1 vom 2017-08-16",
        "url": "https://www.suse.com/de-de/support/update/announcement/2017/suse-su-20172175-1/"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-3396-1 vom 2017-08-18",
        "url": "http://www.ubuntu.com/usn/usn-3396-1/"
      },
      {
        "category": "external",
        "summary": "Xerox Security Bulletin XRX17-022 vom 2017-08-18",
        "url": "https://security.business.xerox.com/wp-content/uploads/2017/08/cert_XRX17-022_FFPSv7_v9_UpdateManager_Aug2017.pdf"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2017:2530 vom 2017-08-23",
        "url": "https://access.redhat.com/errata/RHSA-2017:2530"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2017:2263-1 vom 2017-08-25",
        "url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172263-1.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-3954 vom 2017-08-26",
        "url": "https://www.debian.org/security/2017/dsa-3954"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2017:2280-1 vom 2017-08-29",
        "url": "https://lists.opensuse.org/opensuse-security-announce/2017-08/msg00069.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2017:2281-1 vom 2017-08-29",
        "url": "https://lists.opensuse.org/opensuse-security-announce/2017-08/msg00070.html"
      },
      {
        "category": "external",
        "summary": "F5 Security Advisory K91024405 vom 2017-10-12",
        "url": "https://support.f5.com/csp/article/K91024405"
      },
      {
        "category": "external",
        "summary": "F5 Security Advisory K52342540 vom 2017-10-12",
        "url": "https://support.f5.com/csp/article/K52342540"
      },
      {
        "category": "external",
        "summary": "F5 Security Advisory K11936401 vom 2017-10-12",
        "url": "https://support.f5.com/csp/article/K11936401"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-4005 vom 2017-10-21",
        "url": "https://www.debian.org/security/2017/dsa-4005"
      },
      {
        "category": "external",
        "summary": "F5 Security Advisory K35104614 vom 2017-11-01",
        "url": "https://support.f5.com/csp/article/K35104614"
      },
      {
        "category": "external",
        "summary": "F5 Security Advisory K04734043 vom 2017-11-13",
        "url": "https://support.f5.com/csp/article/K04734043"
      },
      {
        "category": "external",
        "summary": "F5 Security Advisory K23489380 vom 2017-11-13",
        "url": "https://support.f5.com/csp/article/K23489380"
      },
      {
        "category": "external",
        "summary": "F5 Security Advisory K05911127 vom 2017-11-16",
        "url": "https://support.f5.com/csp/article/K05911127"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2017:3392 vom 2017-12-06",
        "url": "https://access.redhat.com/errata/RHSA-2017:3392"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2017-3392 vom 2017-12-07",
        "url": "http://linux.oracle.com/errata/ELSA-2017-3392.html"
      },
      {
        "category": "external",
        "summary": "CentOS-announce CESA-2017:3392 vom 2017-12-06",
        "url": "https://lists.centos.org/pipermail/centos-announce/2017-December/022688.html"
      },
      {
        "category": "external",
        "summary": "CentOS-announce CESA-2017:3392 vom 2017-12-06",
        "url": "https://lists.centos.org/pipermail/centos-announce/2017-December/022689.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2017:3453 vom 2017-12-13",
        "url": "https://access.redhat.com/errata/RHSA-2017:3453"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2018:0005-1 vom 2018-01-04",
        "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20180005-1.html"
      },
      {
        "category": "external",
        "summary": "NetApp Security Advisory NTAP-20170720-0001 vom 2018-01-19",
        "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
      },
      {
        "category": "external",
        "summary": "F5 Security Advisory K28418435 vom 2018-03-10",
        "url": "https://support.f5.com/csp/article/K28418435"
      },
      {
        "category": "external",
        "summary": "XEROX Security Advisory XRX25-012 vom 2025-06-02",
        "url": "https://security.business.xerox.com/wp-content/uploads/2025/06/Xerox-Security-Bulletin-XRX25-012-for-Xerox-FreeFlow-Print-Server-v9.pdf"
      }
    ],
    "source_lang": "en-US",
    "title": "Oracle Java SE: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-06-02T22:00:00.000+00:00",
      "generator": {
        "date": "2025-06-03T09:23:34.409+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.12"
        }
      },
      "id": "WID-SEC-W-2025-1210",
      "initial_release_date": "2017-07-18T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2017-07-18T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initial Release"
        },
        {
          "date": "2017-07-18T22:00:00.000+00:00",
          "number": "2",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2017-07-20T22:00:00.000+00:00",
          "number": "3",
          "summary": "New remediations available"
        },
        {
          "date": "2017-07-25T22:00:00.000+00:00",
          "number": "4",
          "summary": "New remediations available"
        },
        {
          "date": "2017-07-25T22:00:00.000+00:00",
          "number": "5",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2017-07-26T22:00:00.000+00:00",
          "number": "6",
          "summary": "New remediations available"
        },
        {
          "date": "2017-08-06T22:00:00.000+00:00",
          "number": "7",
          "summary": "New remediations available"
        },
        {
          "date": "2017-08-06T22:00:00.000+00:00",
          "number": "8",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2017-08-07T22:00:00.000+00:00",
          "number": "9",
          "summary": "New remediations available"
        },
        {
          "date": "2017-08-09T22:00:00.000+00:00",
          "number": "10",
          "summary": "New remediations available"
        },
        {
          "date": "2017-08-14T22:00:00.000+00:00",
          "number": "11",
          "summary": "New remediations available"
        },
        {
          "date": "2017-08-14T22:00:00.000+00:00",
          "number": "12",
          "summary": "New remediations available"
        },
        {
          "date": "2017-08-14T22:00:00.000+00:00",
          "number": "13",
          "summary": "New remediations available"
        },
        {
          "date": "2017-08-15T22:00:00.000+00:00",
          "number": "14",
          "summary": "New remediations available"
        },
        {
          "date": "2017-08-15T22:00:00.000+00:00",
          "number": "15",
          "summary": "New remediations available"
        },
        {
          "date": "2017-08-16T22:00:00.000+00:00",
          "number": "16",
          "summary": "New remediations available"
        },
        {
          "date": "2017-08-17T22:00:00.000+00:00",
          "number": "17",
          "summary": "New remediations available"
        },
        {
          "date": "2017-08-22T22:00:00.000+00:00",
          "number": "18",
          "summary": "New remediations available"
        },
        {
          "date": "2017-08-22T22:00:00.000+00:00",
          "number": "19",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2017-08-23T22:00:00.000+00:00",
          "number": "20",
          "summary": "New remediations available"
        },
        {
          "date": "2017-08-27T22:00:00.000+00:00",
          "number": "21",
          "summary": "New remediations available"
        },
        {
          "date": "2017-08-28T22:00:00.000+00:00",
          "number": "22",
          "summary": "New remediations available"
        },
        {
          "date": "2017-08-28T22:00:00.000+00:00",
          "number": "23",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2017-08-28T22:00:00.000+00:00",
          "number": "24",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2017-10-22T22:00:00.000+00:00",
          "number": "25",
          "summary": "New remediations available"
        },
        {
          "date": "2017-10-22T22:00:00.000+00:00",
          "number": "26",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2017-11-13T23:00:00.000+00:00",
          "number": "27",
          "summary": "New remediations available"
        },
        {
          "date": "2017-11-15T23:00:00.000+00:00",
          "number": "28",
          "summary": "New remediations available"
        },
        {
          "date": "2017-12-06T23:00:00.000+00:00",
          "number": "29",
          "summary": "New remediations available"
        },
        {
          "date": "2017-12-06T23:00:00.000+00:00",
          "number": "30",
          "summary": "New remediations available"
        },
        {
          "date": "2017-12-06T23:00:00.000+00:00",
          "number": "31",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2017-12-13T23:00:00.000+00:00",
          "number": "32",
          "summary": "New remediations available"
        },
        {
          "date": "2018-01-03T23:00:00.000+00:00",
          "number": "33",
          "summary": "New remediations available"
        },
        {
          "date": "2018-01-21T23:00:00.000+00:00",
          "number": "34",
          "summary": "New remediations available"
        },
        {
          "date": "2018-03-11T23:00:00.000+00:00",
          "number": "35",
          "summary": "New remediations available"
        },
        {
          "date": "2025-06-02T22:00:00.000+00:00",
          "number": "36",
          "summary": "Neue Updates von XEROX aufgenommen"
        }
      ],
      "status": "final",
      "version": "36"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "F5 Enterprise Manager",
            "product": {
              "name": "F5 Enterprise Manager",
              "product_id": "T000125",
              "product_identification_helper": {
                "cpe": "cpe:/a:f5:enterprise_manager:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "F5"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Open Source CentOS",
            "product": {
              "name": "Open Source CentOS",
              "product_id": "1727",
              "product_identification_helper": {
                "cpe": "cpe:/o:centos:centos:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "28.3.14",
                "product": {
                  "name": "Oracle JRockit 28.3.14",
                  "product_id": "T010382",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:jrockit:28.3.14"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "JRockit"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "6u151",
                "product": {
                  "name": "Oracle Java SE 6u151",
                  "product_id": "T010371",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:java_se:6u151"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "7u141",
                "product": {
                  "name": "Oracle Java SE 7u141",
                  "product_id": "T010373",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:java_se:7u141"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "8u131",
                "product": {
                  "name": "Oracle Java SE 8u131",
                  "product_id": "T010374",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:java_se:8u131"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Java SE"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "8u131",
                "product": {
                  "name": "Oracle Java SE Embedded 8u131",
                  "product_id": "T010379",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:java_se_embedded:8u131"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Java SE Embedded"
          },
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "9",
                "product": {
                  "name": "Xerox FreeFlow Print Server 9",
                  "product_id": "T002977",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:xerox:freeflow_print_server:9"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Xerox FreeFlow Print Server",
                "product": {
                  "name": "Xerox FreeFlow Print Server",
                  "product_id": "T010509",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:xerox:freeflow_print_server:-"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "FreeFlow Print Server"
          }
        ],
        "category": "vendor",
        "name": "Xerox"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-10053",
      "product_status": {
        "known_affected": [
          "67646",
          "T010379",
          "T010374",
          "T010373",
          "T002977",
          "T004914",
          "T010371",
          "T010382",
          "2951",
          "T002207",
          "T000126",
          "T000125",
          "1727",
          "T010509"
        ]
      },
      "release_date": "2017-07-18T22:00:00.000+00:00",
      "title": "CVE-2017-10053"
    },
    {
      "cve": "CVE-2017-10067",
      "product_status": {
        "known_affected": [
          "67646",
          "T010379",
          "T010374",
          "T010373",
          "T002977",
          "T004914",
          "T010371",
          "T010382",
          "2951",
          "T002207",
          "T000126",
          "T000125",
          "1727",
          "T010509"
        ]
      },
      "release_date": "2017-07-18T22:00:00.000+00:00",
      "title": "CVE-2017-10067"
    },
    {
      "cve": "CVE-2017-10074",
      "product_status": {
        "known_affected": [
          "67646",
          "T010379",
          "T010374",
          "T010373",
          "T002977",
          "T004914",
          "T010371",
          "T010382",
          "2951",
          "T002207",
          "T000126",
          "T000125",
          "1727",
          "T010509"
        ]
      },
      "release_date": "2017-07-18T22:00:00.000+00:00",
      "title": "CVE-2017-10074"
    },
    {
      "cve": "CVE-2017-10078",
      "product_status": {
        "known_affected": [
          "67646",
          "T010379",
          "T010374",
          "T010373",
          "T002977",
          "T004914",
          "T010371",
          "T010382",
          "2951",
          "T002207",
          "T000126",
          "T000125",
          "1727",
          "T010509"
        ]
      },
      "release_date": "2017-07-18T22:00:00.000+00:00",
      "title": "CVE-2017-10078"
    },
    {
      "cve": "CVE-2017-10081",
      "product_status": {
        "known_affected": [
          "67646",
          "T010379",
          "T010374",
          "T010373",
          "T002977",
          "T004914",
          "T010371",
          "T010382",
          "2951",
          "T002207",
          "T000126",
          "T000125",
          "1727",
          "T010509"
        ]
      },
      "release_date": "2017-07-18T22:00:00.000+00:00",
      "title": "CVE-2017-10081"
    },
    {
      "cve": "CVE-2017-10086",
      "product_status": {
        "known_affected": [
          "67646",
          "T010379",
          "T010374",
          "T010373",
          "T002977",
          "T004914",
          "T010371",
          "T010382",
          "2951",
          "T002207",
          "T000126",
          "T000125",
          "1727",
          "T010509"
        ]
      },
      "release_date": "2017-07-18T22:00:00.000+00:00",
      "title": "CVE-2017-10086"
    },
    {
      "cve": "CVE-2017-10087",
      "product_status": {
        "known_affected": [
          "67646",
          "T010379",
          "T010374",
          "T010373",
          "T002977",
          "T004914",
          "T010371",
          "T010382",
          "2951",
          "T002207",
          "T000126",
          "T000125",
          "1727",
          "T010509"
        ]
      },
      "release_date": "2017-07-18T22:00:00.000+00:00",
      "title": "CVE-2017-10087"
    },
    {
      "cve": "CVE-2017-10089",
      "product_status": {
        "known_affected": [
          "67646",
          "T010379",
          "T010374",
          "T010373",
          "T002977",
          "T004914",
          "T010371",
          "T010382",
          "2951",
          "T002207",
          "T000126",
          "T000125",
          "1727",
          "T010509"
        ]
      },
      "release_date": "2017-07-18T22:00:00.000+00:00",
      "title": "CVE-2017-10089"
    },
    {
      "cve": "CVE-2017-10090",
      "product_status": {
        "known_affected": [
          "67646",
          "T010379",
          "T010374",
          "T010373",
          "T002977",
          "T004914",
          "T010371",
          "T010382",
          "2951",
          "T002207",
          "T000126",
          "T000125",
          "1727",
          "T010509"
        ]
      },
      "release_date": "2017-07-18T22:00:00.000+00:00",
      "title": "CVE-2017-10090"
    },
    {
      "cve": "CVE-2017-10096",
      "product_status": {
        "known_affected": [
          "67646",
          "T010379",
          "T010374",
          "T010373",
          "T002977",
          "T004914",
          "T010371",
          "T010382",
          "2951",
          "T002207",
          "T000126",
          "T000125",
          "1727",
          "T010509"
        ]
      },
      "release_date": "2017-07-18T22:00:00.000+00:00",
      "title": "CVE-2017-10096"
    },
    {
      "cve": "CVE-2017-10101",
      "product_status": {
        "known_affected": [
          "67646",
          "T010379",
          "T010374",
          "T010373",
          "T002977",
          "T004914",
          "T010371",
          "T010382",
          "2951",
          "T002207",
          "T000126",
          "T000125",
          "1727",
          "T010509"
        ]
      },
      "release_date": "2017-07-18T22:00:00.000+00:00",
      "title": "CVE-2017-10101"
    },
    {
      "cve": "CVE-2017-10102",
      "product_status": {
        "known_affected": [
          "67646",
          "T010379",
          "T010374",
          "T010373",
          "T002977",
          "T004914",
          "T010371",
          "T010382",
          "2951",
          "T002207",
          "T000126",
          "T000125",
          "1727",
          "T010509"
        ]
      },
      "release_date": "2017-07-18T22:00:00.000+00:00",
      "title": "CVE-2017-10102"
    },
    {
      "cve": "CVE-2017-10104",
      "product_status": {
        "known_affected": [
          "67646",
          "T010379",
          "T010374",
          "T010373",
          "T002977",
          "T004914",
          "T010371",
          "T010382",
          "2951",
          "T002207",
          "T000126",
          "T000125",
          "1727",
          "T010509"
        ]
      },
      "release_date": "2017-07-18T22:00:00.000+00:00",
      "title": "CVE-2017-10104"
    },
    {
      "cve": "CVE-2017-10105",
      "product_status": {
        "known_affected": [
          "67646",
          "T010379",
          "T010374",
          "T010373",
          "T002977",
          "T004914",
          "T010371",
          "T010382",
          "2951",
          "T002207",
          "T000126",
          "T000125",
          "1727",
          "T010509"
        ]
      },
      "release_date": "2017-07-18T22:00:00.000+00:00",
      "title": "CVE-2017-10105"
    },
    {
      "cve": "CVE-2017-10107",
      "product_status": {
        "known_affected": [
          "67646",
          "T010379",
          "T010374",
          "T010373",
          "T002977",
          "T004914",
          "T010371",
          "T010382",
          "2951",
          "T002207",
          "T000126",
          "T000125",
          "1727",
          "T010509"
        ]
      },
      "release_date": "2017-07-18T22:00:00.000+00:00",
      "title": "CVE-2017-10107"
    },
    {
      "cve": "CVE-2017-10108",
      "product_status": {
        "known_affected": [
          "67646",
          "T010379",
          "T010374",
          "T010373",
          "T002977",
          "T004914",
          "T010371",
          "T010382",
          "2951",
          "T002207",
          "T000126",
          "T000125",
          "1727",
          "T010509"
        ]
      },
      "release_date": "2017-07-18T22:00:00.000+00:00",
      "title": "CVE-2017-10108"
    },
    {
      "cve": "CVE-2017-10109",
      "product_status": {
        "known_affected": [
          "67646",
          "T010379",
          "T010374",
          "T010373",
          "T002977",
          "T004914",
          "T010371",
          "T010382",
          "2951",
          "T002207",
          "T000126",
          "T000125",
          "1727",
          "T010509"
        ]
      },
      "release_date": "2017-07-18T22:00:00.000+00:00",
      "title": "CVE-2017-10109"
    },
    {
      "cve": "CVE-2017-10110",
      "product_status": {
        "known_affected": [
          "67646",
          "T010379",
          "T010374",
          "T010373",
          "T002977",
          "T004914",
          "T010371",
          "T010382",
          "2951",
          "T002207",
          "T000126",
          "T000125",
          "1727",
          "T010509"
        ]
      },
      "release_date": "2017-07-18T22:00:00.000+00:00",
      "title": "CVE-2017-10110"
    },
    {
      "cve": "CVE-2017-10111",
      "product_status": {
        "known_affected": [
          "67646",
          "T010379",
          "T010374",
          "T010373",
          "T002977",
          "T004914",
          "T010371",
          "T010382",
          "2951",
          "T002207",
          "T000126",
          "T000125",
          "1727",
          "T010509"
        ]
      },
      "release_date": "2017-07-18T22:00:00.000+00:00",
      "title": "CVE-2017-10111"
    },
    {
      "cve": "CVE-2017-10114",
      "product_status": {
        "known_affected": [
          "67646",
          "T010379",
          "T010374",
          "T010373",
          "T002977",
          "T004914",
          "T010371",
          "T010382",
          "2951",
          "T002207",
          "T000126",
          "T000125",
          "1727",
          "T010509"
        ]
      },
      "release_date": "2017-07-18T22:00:00.000+00:00",
      "title": "CVE-2017-10114"
    },
    {
      "cve": "CVE-2017-10115",
      "product_status": {
        "known_affected": [
          "67646",
          "T010379",
          "T010374",
          "T010373",
          "T002977",
          "T004914",
          "T010371",
          "T010382",
          "2951",
          "T002207",
          "T000126",
          "T000125",
          "1727",
          "T010509"
        ]
      },
      "release_date": "2017-07-18T22:00:00.000+00:00",
      "title": "CVE-2017-10115"
    },
    {
      "cve": "CVE-2017-10116",
      "product_status": {
        "known_affected": [
          "67646",
          "T010379",
          "T010374",
          "T010373",
          "T002977",
          "T004914",
          "T010371",
          "T010382",
          "2951",
          "T002207",
          "T000126",
          "T000125",
          "1727",
          "T010509"
        ]
      },
      "release_date": "2017-07-18T22:00:00.000+00:00",
      "title": "CVE-2017-10116"
    },
    {
      "cve": "CVE-2017-10117",
      "product_status": {
        "known_affected": [
          "67646",
          "T010379",
          "T010374",
          "T010373",
          "T002977",
          "T004914",
          "T010371",
          "T010382",
          "2951",
          "T002207",
          "T000126",
          "T000125",
          "1727",
          "T010509"
        ]
      },
      "release_date": "2017-07-18T22:00:00.000+00:00",
      "title": "CVE-2017-10117"
    },
    {
      "cve": "CVE-2017-10118",
      "product_status": {
        "known_affected": [
          "67646",
          "T010379",
          "T010374",
          "T010373",
          "T002977",
          "T004914",
          "T010371",
          "T010382",
          "2951",
          "T002207",
          "T000126",
          "T000125",
          "1727",
          "T010509"
        ]
      },
      "release_date": "2017-07-18T22:00:00.000+00:00",
      "title": "CVE-2017-10118"
    },
    {
      "cve": "CVE-2017-10121",
      "product_status": {
        "known_affected": [
          "67646",
          "T010379",
          "T010374",
          "T010373",
          "T002977",
          "T004914",
          "T010371",
          "T010382",
          "2951",
          "T002207",
          "T000126",
          "T000125",
          "1727",
          "T010509"
        ]
      },
      "release_date": "2017-07-18T22:00:00.000+00:00",
      "title": "CVE-2017-10121"
    },
    {
      "cve": "CVE-2017-10125",
      "product_status": {
        "known_affected": [
          "67646",
          "T010379",
          "T010374",
          "T010373",
          "T002977",
          "T004914",
          "T010371",
          "T010382",
          "2951",
          "T002207",
          "T000126",
          "T000125",
          "1727",
          "T010509"
        ]
      },
      "release_date": "2017-07-18T22:00:00.000+00:00",
      "title": "CVE-2017-10125"
    },
    {
      "cve": "CVE-2017-10135",
      "product_status": {
        "known_affected": [
          "67646",
          "T010379",
          "T010374",
          "T010373",
          "T002977",
          "T004914",
          "T010371",
          "T010382",
          "2951",
          "T002207",
          "T000126",
          "T000125",
          "1727",
          "T010509"
        ]
      },
      "release_date": "2017-07-18T22:00:00.000+00:00",
      "title": "CVE-2017-10135"
    },
    {
      "cve": "CVE-2017-10145",
      "product_status": {
        "known_affected": [
          "67646",
          "T010379",
          "T010374",
          "T010373",
          "T002977",
          "T004914",
          "T010371",
          "T010382",
          "2951",
          "T002207",
          "T000126",
          "T000125",
          "1727",
          "T010509"
        ]
      },
      "release_date": "2017-07-18T22:00:00.000+00:00",
      "title": "CVE-2017-10145"
    },
    {
      "cve": "CVE-2017-10176",
      "product_status": {
        "known_affected": [
          "67646",
          "T010379",
          "T010374",
          "T010373",
          "T002977",
          "T004914",
          "T010371",
          "T010382",
          "2951",
          "T002207",
          "T000126",
          "T000125",
          "1727",
          "T010509"
        ]
      },
      "release_date": "2017-07-18T22:00:00.000+00:00",
      "title": "CVE-2017-10176"
    },
    {
      "cve": "CVE-2017-10193",
      "product_status": {
        "known_affected": [
          "67646",
          "T010379",
          "T010374",
          "T010373",
          "T002977",
          "T004914",
          "T010371",
          "T010382",
          "2951",
          "T002207",
          "T000126",
          "T000125",
          "1727",
          "T010509"
        ]
      },
      "release_date": "2017-07-18T22:00:00.000+00:00",
      "title": "CVE-2017-10193"
    },
    {
      "cve": "CVE-2017-10198",
      "product_status": {
        "known_affected": [
          "67646",
          "T010379",
          "T010374",
          "T010373",
          "T002977",
          "T004914",
          "T010371",
          "T010382",
          "2951",
          "T002207",
          "T000126",
          "T000125",
          "1727",
          "T010509"
        ]
      },
      "release_date": "2017-07-18T22:00:00.000+00:00",
      "title": "CVE-2017-10198"
    },
    {
      "cve": "CVE-2017-10243",
      "product_status": {
        "known_affected": [
          "67646",
          "T010379",
          "T010374",
          "T010373",
          "T002977",
          "T004914",
          "T010371",
          "T010382",
          "2951",
          "T002207",
          "T000126",
          "T000125",
          "1727",
          "T010509"
        ]
      },
      "release_date": "2017-07-18T22:00:00.000+00:00",
      "title": "CVE-2017-10243"
    }
  ]
}

GSD-2017-10117

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-10117

Aliases

CVE-2017-10117

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-10117",
    "description": "Vulnerability in the Java Advanced Management Console component of Oracle Java SE (subcomponent: Server). The supported version that is affected is Java Advanced Management Console: 2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Java Advanced Management Console. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java Advanced Management Console accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).",
    "id": "GSD-2017-10117"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-10117"
      ],
      "details": "Vulnerability in the Java Advanced Management Console component of Oracle Java SE (subcomponent: Server). The supported version that is affected is Java Advanced Management Console: 2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Java Advanced Management Console. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java Advanced Management Console accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).",
      "id": "GSD-2017-10117",
      "modified": "2023-12-13T01:21:14.932103Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert_us@oracle.com",
        "ID": "CVE-2017-10117",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Java",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "Java Advanced Management Console: 2.6"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Oracle Corporation"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Vulnerability in the Java Advanced Management Console component of Oracle Java SE (subcomponent: Server). The supported version that is affected is Java Advanced Management Console: 2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Java Advanced Management Console. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java Advanced Management Console accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Java Advanced Management Console.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of Java Advanced Management Console accessible data."
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "99835",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/99835"
          },
          {
            "name": "https://security.netapp.com/advisory/ntap-20170720-0001/",
            "refsource": "CONFIRM",
            "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
          },
          {
            "name": "1038931",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1038931"
          },
          {
            "name": "GLSA-201709-22",
            "refsource": "GENTOO",
            "url": "https://security.gentoo.org/glsa/201709-22"
          },
          {
            "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
            "refsource": "CONFIRM",
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:java_advanced_management_console:2.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2017-10117"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Vulnerability in the Java Advanced Management Console component of Oracle Java SE (subcomponent: Server). The supported version that is affected is Java Advanced Management Console: 2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Java Advanced Management Console. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java Advanced Management Console accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
            },
            {
              "name": "1038931",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1038931"
            },
            {
              "name": "99835",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/99835"
            },
            {
              "name": "GLSA-201709-22",
              "refsource": "GENTOO",
              "tags": [],
              "url": "https://security.gentoo.org/glsa/201709-22"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20170720-0001/",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 1.4
        }
      },
      "lastModifiedDate": "2019-10-03T00:03Z",
      "publishedDate": "2017-08-08T15:29Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-10117 (GCVE-0-2017-10117)

CNVD-2017-28222

GHSA-7CC6-GWR2-G44Q

CERTFR-2017-AVI-223

Solution

CERTFR-2017-AVI-223

Solution

FKIE_CVE-2017-10117

WID-SEC-W-2025-1210

GSD-2017-10117

Tags

Sightings

Nomenclature