Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveOracleCVE-2017-10350
HistoryOct 19, 2017 - 5:29 p.m.

CVE-2017-10350

2017-10-1917:29:04
oracle
web.nvd.nist.gov
141
cve-2017-10350
java
java se
oracle
jax-ws
vulnerability
security
dos

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

AI Score

5.4

Confidence

High

EPSS

0.002

Percentile

59.1%

JSON

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAX-WS). Supported versions that are affected are Java SE: 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

Affected configurations

Nvd
Vulners
Node
oraclejdkMatch1.7.0update151
OR
oraclejdkMatch1.8.0update144
OR
oraclejdkMatch1.9.0
OR
oraclejreMatch1.7.0update151
OR
oraclejreMatch1.8.0update144
OR
oraclejreMatch1.9.0
Node
redhatsatelliteMatch5.8
OR
redhatenterprise_linux_desktopMatch6.0
OR
redhatenterprise_linux_desktopMatch7.0
OR
redhatenterprise_linux_eusMatch7.4
OR
redhatenterprise_linux_eusMatch7.5
OR
redhatenterprise_linux_eusMatch7.6
OR
redhatenterprise_linux_eusMatch7.7
OR
redhatenterprise_linux_serverMatch6.0
OR
redhatenterprise_linux_serverMatch7.0
OR
redhatenterprise_linux_server_ausMatch7.4
OR
redhatenterprise_linux_server_ausMatch7.6
OR
redhatenterprise_linux_server_ausMatch7.7
OR
redhatenterprise_linux_server_tusMatch7.4
OR
redhatenterprise_linux_server_tusMatch7.6
OR
redhatenterprise_linux_server_tusMatch7.7
OR
redhatenterprise_linux_workstationMatch6.0
OR
redhatenterprise_linux_workstationMatch7.0
Node
netappactive_iq_unified_managerRange7.3windows
OR
netappactive_iq_unified_managerRange9.5vmware_vsphere
OR
netappcloud_backupMatch-
OR
netappe-series_santricity_management_plug-insMatch-vmware_vcenter
OR
netappe-series_santricity_os_controllerRange11.011.70.1
OR
netappe-series_santricity_storage_managerMatch-
OR
netappe-series_santricity_web_servicesMatch-web_services_proxy
OR
netappelement_softwareMatch-
OR
netapponcommand_balanceMatch-
OR
netapponcommand_insightMatch-
OR
netapponcommand_performance_managerMatch-vmware_vsphere
OR
netapponcommand_shiftMatch-
OR
netapponcommand_unified_managerRange7.1vsphere
OR
netapponcommand_unified_managerRange7.1windows
OR
netapponcommand_unified_managerMatch-7-mode
OR
netapponcommand_workflow_automationMatch-
OR
netappplug-in_for_symantec_netbackupMatch-
OR
netappsnapmanagerMatch-oracle
OR
netappsnapmanagerMatch-sap
OR
netappsteelstore_cloud_integrated_storageMatch-
OR
netappstorage_replication_adapter_for_clustered_data_ontapRange7.2vmware_vsphere
OR
netappstorage_replication_adapter_for_clustered_data_ontapRange7.2windows
OR
netappvasa_provider_for_clustered_data_ontapRange7.2
OR
netappvasa_provider_for_clustered_data_ontapMatch6.0
OR
netappvirtual_storage_consoleRange7.2vmware_vsphere
OR
netappvirtual_storage_consoleMatch6.0vmware_vsphere
Node
debiandebian_linuxMatch7.0
OR
debiandebian_linuxMatch8.0
OR
debiandebian_linuxMatch9.0
VendorProductVersionCPE
oraclejdk1.7.0cpe:2.3:a:oracle:jdk:1.7.0:update151:*:*:*:*:*:*
oraclejdk1.8.0cpe:2.3:a:oracle:jdk:1.8.0:update144:*:*:*:*:*:*
oraclejdk1.9.0cpe:2.3:a:oracle:jdk:1.9.0:*:*:*:*:*:*:*
oraclejre1.7.0cpe:2.3:a:oracle:jre:1.7.0:update151:*:*:*:*:*:*
oraclejre1.8.0cpe:2.3:a:oracle:jre:1.8.0:update144:*:*:*:*:*:*
oraclejre1.9.0cpe:2.3:a:oracle:jre:1.9.0:*:*:*:*:*:*:*
redhatsatellite5.8cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*
redhatenterprise_linux_desktop6.0cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
redhatenterprise_linux_desktop7.0cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
redhatenterprise_linux_eus7.4cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*
Rows per page:
1-10 of 521

CNA Affected

[
  {
    "product": "Java",
    "vendor": "Oracle Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "Java SE: 7u151"
      },
      {
        "status": "affected",
        "version": "8u144"
      },
      {
        "status": "affected",
        "version": "9; Java SE Embedded: 8u144"
      }
    ]
  }
]

Related

cvelist 1
nvd 1
redhatcve 1
ubuntucve 1
prion 1
debiancve 1
veracode 1
openvas 28
ibm 39
redhat 8
nessus 47
osv 4
debian 3
oraclelinux 2
centos 2
gentoo 2
ubuntu 2
mageia 1
amazon 2
suse 10
aix 1
kaspersky 1
photon 1
oracle 1
cvelist
cvelist
CVE-2017-10350
2017-10-19 17:00:00
nvd
nvd
CVE-2017-10350
2017-10-19 17:29:04
redhatcve
redhatcve
CVE-2017-10350
2017-10-17 21:20:57
ubuntucve
ubuntucve
CVE-2017-10350
2017-10-19 00:00:00
prion
prion
Code injection
2017-10-19 17:29:00
debiancve
debiancve
CVE-2017-10350
2017-10-19 17:29:04
veracode
veracode
Denial Of Service (DoS)
2019-05-02 06:37:53
openvas
openvas
Oracle Java SE Security Updates (oct2017-3236626) 04 - Windows
2017-10-18 00:00:00
Oracle Java SE Security Updates (oct2017-3236626) 04 - Linux
2017-10-18 00:00:00
Debian: Security Advisory (DSA-4015-1)
2017-11-01 00:00:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM MQ
2018-06-15 07:09:06
SECURITY BULLETIN: Multiple vulnerabilities in IBM Java Runtime affect IBM QRadar SIEM.
2018-06-16 22:06:31
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for SAP Applications
2018-06-17 12:19:15
redhat
redhat
(RHSA-2017:2998) Critical: java-1.8.0-openjdk security update
2017-10-20 10:13:17
(RHSA-2017:3268) Critical: java-1.7.1-ibm security update
2017-11-28 20:28:12
(RHSA-2017:3264) Critical: java-1.8.0-ibm security update
2017-11-27 17:52:25
nessus
nessus
Virtuozzo 6 : java-1.8.0-openjdk / java-1.8.0-openjdk-debug / etc (VZLSA-2017-2998)
2017-11-16 00:00:00
NewStart CGSL MAIN 4.05 : java-1.8.0-openjdk Multiple Vulnerabilities (NS-SA-2019-0119)
2019-08-12 00:00:00
Scientific Linux Security Update : java-1.8.0-openjdk on SL6.x, SL7.x i386/x86_64 (20171020)
2017-10-23 00:00:00
osv
osv
openjdk-8 - security update
2017-11-02 00:00:00
openjdk-7 - security update
2017-11-23 00:00:00
openjdk-7 - security update
2017-11-23 00:00:00
debian
debian
[SECURITY] [DSA 4015-1] openjdk-8 security update
2017-11-02 21:44:03
[SECURITY] [DSA 4048-1] openjdk-7 security update
2017-11-23 22:11:38
[SECURITY] [DLA 1187-1] openjdk-7 security update
2017-11-23 17:31:43
oraclelinux
oraclelinux
java-1.8.0-openjdk security update
2017-10-20 00:00:00
java-1.7.0-openjdk security and bug fix update
2017-12-06 00:00:00
centos
centos
java security update
2017-10-20 15:50:18
java security update
2017-12-06 15:21:38
gentoo
gentoo
IcedTea: Multiple vulnerabilities
2017-11-19 00:00:00
Oracle JDK/JRE: Multiple vulnerabilities
2017-10-29 00:00:00
ubuntu
ubuntu
OpenJDK 8 vulnerabilities
2017-11-08 00:00:00
OpenJDK 7 vulnerabilities
2017-11-29 00:00:00
mageia
mageia
Updated java-1.8.0-openjdk packages fix security vulnerabilities
2017-12-21 21:18:18
amazon
amazon
Critical: java-1.8.0-openjdk
2017-10-26 19:46:00
Critical: java-1.7.0-openjdk
2017-12-20 19:02:00
suse
suse
Security update for java-1_6_0-ibm (important)
2017-12-19 12:10:10
Security update for java-1_6_0-ibm (important)
2017-12-07 21:12:27
Security update for java-1_7_1-ibm (important)
2017-12-30 03:09:07
aix
aix
There are multiple vulnerabilities in IBM SDK Java Technology Edition
2017-12-07 12:20:05
kaspersky
kaspersky
KLA11122 Multiple vulnerabilities in Oracle Java SE, Java SE Embedded and JRockit
2017-10-17 00:00:00
photon
photon
Critical Photon OS Security Update - PHSA-2017-0080
2017-10-24 00:00:00
oracle
oracle
Oracle Critical Patch Update - October 2017
2017-10-17 00:00:00

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

AI Score

5.4

Confidence

High

EPSS

0.002

Percentile

59.1%

JSON
Related for CVE-2017-10350
cvelist1nvd1redhatcve1ubuntucve1prion1debiancve1veracode1openvas28ibm39redhat8nessus47osv4debian3oraclelinux2centos2gentoo2ubuntu2mageia1amazon2suse10aix1kaspersky1photon1oracle1