Exploitable Vulnerability in Java SE and Java SE Embedded from Oracle
CVE-2017-3289

9.6CRITICAL

Key Information:

Vendor

Oracle
Status
Java Se
Java Se Embedded
Vendor
CVE Published:
27 January 2017

What is CVE-2017-3289?

This vulnerability exists in the Java SE and Java SE Embedded components of Oracle's Java platform, particularly affecting specific versions. It allows an unauthenticated attacker with network access to exploit the system via various protocols. For successful exploitation, involvement from an end user is required, as the vulnerability is activated through untrusted code loading in a sandboxed environment, typically found in Java Web Start applications or Java applets. The impact of this vulnerability can extend beyond Java installations and may affect a variety of applications reliant on Java for execution.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Java SE 7u121

Java SE 8u112

Java SE Embedded 8u111

References

http://www.debian.org/security/2017/dsa-3782
vendor-advisoryx_refsource_DEBIAN
http://rhn.redhat.com/errata/RHSA-2017-0176.html
vendor-advisoryx_refsource_REDHAT
https://security.gentoo.org/glsa/201701-65
vendor-advisoryx_refsource_GENTOO

CVSS V3.1

Score:
9.6
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.