Vulnerability Details : CVE-2017-10109

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

Vulnerability category: Denial of service

Published 2017-08-08 15:29:04

Updated 2022-10-06 19:02:01

Source Oracle

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2017-10109

Probability of exploitation activity in the next 30 days: 0.17%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 53 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2017-10109

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:N/A:P	10.0	2.9	[email protected]
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial
5.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L	3.9	1.4	[email protected]
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: Low

References for CVE-2017-10109

https://access.redhat.com/errata/RHSA-2017:1789

Third Party Advisory

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2017:1791

Third Party Advisory

CVEs referencing this url
https://security.gentoo.org/glsa/201709-22

Third Party Advisory

CVEs referencing this url
http://www.securitytracker.com/id/1038931

Broken Link

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2017:1790

Third Party Advisory

CVEs referencing this url
http://www.securityfocus.com/bid/99847

Broken Link
https://access.redhat.com/errata/RHSA-2017:2469

Third Party Advisory

CVEs referencing this url
http://www.debian.org/security/2017/dsa-3919

Third Party Advisory

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2017:2424

Third Party Advisory

CVEs referencing this url
https://security.netapp.com/advisory/ntap-20170720-0001/

Third Party Advisory

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2017:2530

Third Party Advisory

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2017:3453

Third Party Advisory

CVEs referencing this url
http://www.debian.org/security/2017/dsa-3954

Third Party Advisory

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2017:2481

Third Party Advisory

CVEs referencing this url
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

Patch;Vendor Advisory

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2017:1792

Third Party Advisory

CVEs referencing this url

Products affected by CVE-2017-10109

Debian » Debian Linux » Version: 8.0
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 9.0
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Desktop » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Desktop » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Eus » Version: 7.3
cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Eus » Version: 7.4
cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Eus » Version: 7.5
cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Eus » Version: 7.6
cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Eus » Version: 7.7
cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Workstation » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Workstation » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Aus » Version: 7.3
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Aus » Version: 7.4
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Aus » Version: 7.6
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Aus » Version: 7.7
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*
Matching versions
Redhat » Satellite » Version: 5.8
cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Tus » Version: 7.3
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Tus » Version: 7.6
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Tus » Version: 7.7
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Tus » Version: 7.4
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*
Matching versions
Oracle » Jrockit » Version: R28.3.14
cpe:2.3:a:oracle:jrockit:r28.3.14:*:*:*:*:*:*:*
Matching versions
Oracle » JDK » Version: 1.7.0 Update Update141
cpe:2.3:a:oracle:jdk:1.7.0:update141:*:*:*:*:*:*
Matching versions
Oracle » JDK » Version: 1.8.0 Update Update131
cpe:2.3:a:oracle:jdk:1.8.0:update131:*:*:*:*:*:*
Matching versions
Oracle » JDK » Version: 1.6.0 Update Update151
cpe:2.3:a:oracle:jdk:1.6.0:update151:*:*:*:*:*:*
Matching versions
Oracle » JRE » Version: 1.6.0 Update Update151
cpe:2.3:a:oracle:jre:1.6.0:update151:*:*:*:*:*:*
Matching versions
Oracle » JRE » Version: 1.7.0 Update Update141
cpe:2.3:a:oracle:jre:1.7.0:update141:*:*:*:*:*:*
Matching versions
Oracle » JRE » Version: 1.8.0 Update Update131
cpe:2.3:a:oracle:jre:1.8.0:update131:*:*:*:*:*:*
Matching versions
Netapp » Oncommand Balance » Version: N/A
cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*
Matching versions
Netapp » Oncommand Insight » Version: N/A
cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
Matching versions
Netapp » Cloud Backup » Version: N/A
cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
Matching versions
Netapp » Oncommand Unified Manager » For Windows
Versions up to, including, (<=) 7.1
cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*
Matching versions
Netapp » Oncommand Unified Manager » For Vsphere
Versions up to, including, (<=) 7.1
cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*
Matching versions
Netapp » Oncommand Unified Manager » Version: N/A For 7-mode
cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*
Matching versions
Netapp » Snapmanager » Version: N/A For Oracle
cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*
Matching versions
Netapp » Snapmanager » Version: N/A For SAP
cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*
Matching versions
Netapp » Element Software » Version: N/A
cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*
Matching versions
Netapp » Steelstore Cloud Integrated Storage » Version: N/A
cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
Matching versions
Netapp » E-series Santricity Os Controller
Versions from including (>=) 11.0 and up to, including, (<=) 11.70.1
cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*
Matching versions
Netapp » E-series Santricity Storage Manager » Version: N/A
cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*
Matching versions
Netapp » Virtual Storage Console » For Vmware Vsphere
Versions from including (>=) 7.2
cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*
Matching versions
Netapp » Virtual Storage Console » Version: 6.0 For Vmware Vsphere
cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:*:vmware_vsphere:*:*
Matching versions
Netapp » Oncommand Performance Manager » Version: N/A For Vmware Vsphere
cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*
Matching versions
Netapp » Oncommand Shift » Version: N/A
cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*
Matching versions
Netapp » Active Iq Unified Manager » For Windows
Versions from including (>=) 7.3
cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*
Matching versions
Netapp » Active Iq Unified Manager » For Vmware Vsphere
Versions from including (>=) 9.5
cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*
Matching versions
Netapp » Storage Replication Adapter For Clustered Data Ontap » For Windows
Versions from including (>=) 7.2
cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*
Matching versions
Netapp » Storage Replication Adapter For Clustered Data Ontap » Version: 9.6 For Vmware Vsphere
cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:9.6:*:*:*:*:vmware_vsphere:*:*
Matching versions
Netapp » Vasa Provider For Clustered Data Ontap
Versions from including (>=) 7.2
cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*
Matching versions
Netapp » Vasa Provider For Clustered Data Ontap » Version: 6.0
cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0:*:*:*:*:*:*:*
Matching versions
Netapp » Plug-in For Symantec Netbackup » Version: N/A
cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*
Matching versions