Network Exploitation Vulnerability in Oracle Java SE and Java SE Embedded
CVE-2017-3231

4.3 MEDIUM

Key Information:

Vendor: Oracle
CVE Published: 27 January 2017

Summary

A vulnerability in the Networking component of Oracle's Java SE and Java SE Embedded products allows an unauthenticated attacker with network access to gain unauthorized access to data accessible to the Java runtime. The vulnerability is easily exploitable, but a successful attack requires interaction from a user other than the attacker. It primarily affects environments where untrusted code is executed, such as sandboxed Java Web Start applications or applets. It does not pose a risk in deployments that strictly run trusted code, so users should ensure their Java environments are appropriately secured.

Affected Version(s)

Java SE 6u131

Java SE 7u121

Java SE 8u112

CVSS V3.1

Score: 4.3
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
