Vulnerability Details : CVE-2017-10347

Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

Vulnerability category: Denial of service

Published 2017-10-19 17:29:04

Updated 2022-07-30 03:36:41

Source Oracle

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2017-10347

Probability of exploitation activity in the next 30 days: 0.17%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 53 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2017-10347

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:N/A:P	10.0	2.9	[email protected]
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial
5.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L	3.9	1.4	[email protected]
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: Low

References for CVE-2017-10347

https://security.gentoo.org/glsa/201711-14

Third Party Advisory

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2017:3268

Third Party Advisory

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2017:3046

Third Party Advisory

CVEs referencing this url
https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html

Mailing List;Third Party Advisory

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2017:3264

Third Party Advisory

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2017:2999

Third Party Advisory

CVEs referencing this url
https://www.debian.org/security/2017/dsa-4015

Third Party Advisory

CVEs referencing this url
https://www.debian.org/security/2017/dsa-4048

Third Party Advisory

CVEs referencing this url
https://security.gentoo.org/glsa/201710-31

Third Party Advisory

CVEs referencing this url
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

Patch;Vendor Advisory

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2017:3392

Third Party Advisory

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2017:3047

Third Party Advisory

CVEs referencing this url
https://security.netapp.com/advisory/ntap-20171019-0001/

Third Party Advisory

CVEs referencing this url
http://www.securitytracker.com/id/1039596

Broken Link

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2017:2998

Third Party Advisory

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2017:3453

Third Party Advisory

CVEs referencing this url
http://www.securityfocus.com/bid/101382

Broken Link
https://access.redhat.com/errata/RHSA-2017:3267

Third Party Advisory

CVEs referencing this url

Products affected by CVE-2017-10347

Debian » Debian Linux » Version: 7.0
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 8.0
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 9.0
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Desktop » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Desktop » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Eus » Version: 7.4
cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Eus » Version: 7.5
cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Eus » Version: 7.6
cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Eus » Version: 7.7
cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Workstation » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Workstation » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Aus » Version: 7.4
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Aus » Version: 7.6
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Aus » Version: 7.7
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*
Matching versions
Redhat » Satellite » Version: 5.8
cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Tus » Version: 7.6
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Tus » Version: 7.7
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Tus » Version: 7.4
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*
Matching versions
Oracle » JDK » Version: 1.7.0 Update Update151
cpe:2.3:a:oracle:jdk:1.7.0:update151:*:*:*:*:*:*
Matching versions
Oracle » JDK » Version: 1.8.0 Update Update144
cpe:2.3:a:oracle:jdk:1.8.0:update144:*:*:*:*:*:*
Matching versions
Oracle » JDK » Version: 1.9.0
cpe:2.3:a:oracle:jdk:1.9.0:*:*:*:*:*:*:*
Matching versions
Oracle » JDK » Version: 1.6.0 Update Update161
cpe:2.3:a:oracle:jdk:1.6.0:update161:*:*:*:*:*:*
Matching versions
Oracle » JRE » Version: 1.9.0
cpe:2.3:a:oracle:jre:1.9.0:*:*:*:*:*:*:*
Matching versions
Oracle » JRE » Version: 1.6.0 Update Update161
cpe:2.3:a:oracle:jre:1.6.0:update161:*:*:*:*:*:*
Matching versions
Oracle » JRE » Version: 1.8.0 Update Update144
cpe:2.3:a:oracle:jre:1.8.0:update144:*:*:*:*:*:*
Matching versions
Oracle » JRE » Version: 1.7.0 Update Update151
cpe:2.3:a:oracle:jre:1.7.0:update151:*:*:*:*:*:*
Matching versions
Netapp » Oncommand Balance » Version: N/A
cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*
Matching versions
Netapp » Oncommand Workflow Automation » Version: N/A
cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
Matching versions
Netapp » Oncommand Insight » Version: N/A
cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
Matching versions
Netapp » Cloud Backup » Version: N/A
cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
Matching versions
Netapp » Oncommand Unified Manager » For Vsphere
Versions up to, including, (<=) 7.1
cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*
Matching versions
Netapp » Oncommand Unified Manager » For Windows
Versions up to, including, (<=) 7.1
cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*
Matching versions
Netapp » Oncommand Unified Manager » Version: N/A For 7-mode
cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*
Matching versions
Netapp » Snapmanager » Version: N/A For Oracle
cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*
Matching versions
Netapp » Snapmanager » Version: N/A For SAP
cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*
Matching versions
Netapp » Element Software » Version: N/A
cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*
Matching versions
Netapp » Steelstore Cloud Integrated Storage » Version: N/A
cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
Matching versions
Netapp » E-series Santricity Os Controller
Versions from including (>=) 11.0 and up to, including, (<=) 11.70.1
cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*
Matching versions
Netapp » E-series Santricity Storage Manager » Version: N/A
cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*
Matching versions
Netapp » E-series Santricity Web Services » Version: N/A For Web Services Proxy
cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*
Matching versions
Netapp » Virtual Storage Console » For Vmware Vsphere
Versions from including (>=) 7.2
cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*
Matching versions
Netapp » Virtual Storage Console » Version: 6.0 For Vmware Vsphere
cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:*:vmware_vsphere:*:*
Matching versions
Netapp » E-series Santricity Management Plug-ins » Version: N/A For Vmware Vcenter
cpe:2.3:a:netapp:e-series_santricity_management_plug-ins:-:*:*:*:*:vmware_vcenter:*:*
Matching versions
Netapp » Oncommand Performance Manager » Version: N/A For Vmware Vsphere
cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*
Matching versions
Netapp » Oncommand Shift » Version: N/A
cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*
Matching versions
Netapp » Active Iq Unified Manager » For Windows
Versions from including (>=) 7.3
cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*
Matching versions
Netapp » Active Iq Unified Manager » For Vmware Vsphere
Versions from including (>=) 9.5
cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*
Matching versions
Netapp » Storage Replication Adapter For Clustered Data Ontap » For Vmware Vsphere
Versions from including (>=) 7.2
cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:vmware_vsphere:*:*
Matching versions
Netapp » Storage Replication Adapter For Clustered Data Ontap » For Windows
Versions from including (>=) 7.2
cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*
Matching versions
Netapp » Vasa Provider For Clustered Data Ontap
Versions from including (>=) 7.2
cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*
Matching versions
Netapp » Vasa Provider For Clustered Data Ontap » Version: 6.0
cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0:*:*:*:*:*:*:*
Matching versions
Netapp » Plug-in For Symantec Netbackup » Version: N/A
cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*
Matching versions