Exploitable Vulnerability in Java SE and Java SE Embedded from Oracle
CVE-2017-3289

9.6 CRITICAL

Key Information:

Vendor: Oracle
CVE Published: 27 January 2017

Summary

This vulnerability exists in the Java SE and Java SE Embedded components of Oracle's Java platform and affects the versions listed under Affected Version(s). It allows an unauthenticated attacker with network access to exploit the system via various protocols. Successful exploitation requires interaction from an end user, because the vulnerability is triggered when untrusted code is loaded in a sandboxed environment, typically a Java Web Start application or a Java applet. The impact can extend beyond the Java installation itself and may affect other applications that rely on Java for execution.

Affected Version(s)

Java SE 7u121

Java SE 8u112

Java SE Embedded 8u111

CVSS V3.1

Score: 9.6
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
