CVE-2017-3533

Current Description

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via FTP to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).

Basic Data

Published: April 24, 2017
Last Modified: October 03, 2019
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: NVD-CWE-noinfo
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: MEDIUM
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: NONE
CVSS 2 - Availability Impact: NONE
CVSS 2 - Base Score: 4.3
Severity: MEDIUM
Exploitability Score: 8.6
Impact Score: 2.9
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

CVSS 3 - Version: 3.0
CVSS 3 - Vector String: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
CVSS 3 - Attack Vector: NETWORK
CVSS 3 - Attack Complexity: HIGH
CVSS 3 - Privileges Required: NONE
CVSS 3 - User Interaction: NONE
CVSS 3 - Scope: UNCHANGED
CVSS 3 - Confidentiality Impact: NONE
CVSS 3 - Integrity Impact: LOW
CVSS 3 - Availability Impact: NONE
CVSS 3 - Base Score: 3.7
CVSS 3 - Base Severity: LOW
Exploitability Score: 2.2
Base Severity: LOW

Configurations

  • OR - Configuration 1
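    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including / End Including / Start Excluding / End Excluding |
    |---|---|---|---|---|---|---|---|---|---|---|---|---|
    | 2.3 | Application | Oracle | Jdk | 1.6.0 | update_141 | * | * | * | * | * | * | |
    | 2.3 | Application | Oracle | Jdk | 1.7.0 | update_131 | * | * | * | * | * | * | |
    | 2.3 | Application | Oracle | Jdk | 1.8.0 | update_121 | * | * | * | * | * | * | |
    | 2.3 | Application | Oracle | Jre | 1.6.0 | update_141 | * | * | * | * | * | * | |
    | 2.3 | Application | Oracle | Jre | 1.7.0 | update_131 | * | * | * | * | * | * | |
    | 2.3 | Application | Oracle | Jre | 1.8.0 | update_121 | * | * | * | * | * | * | |
    | 2.3 | Application | Oracle | Jrockit | r28.3.13 | * | * | * | * | * | * | * | |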
  • OR - Configuration 2
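    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including / End Including / Start Excluding / End Excluding |
    |---|---|---|---|---|---|---|---|---|---|---|---|---|
    | 2.3 | Application | Redhat | Satellite | 5.8 | * | * | * | * | * | * | * | |
    | 2.3 | OS | Redhat | Enterprise Linux Desktop | 6.0 | * | * | * | * | * | * | * | |
    | 2.3 | OS | Redhat | Enterprise Linux Desktop | 7.0 | * | * | * | * | * | * | * | |
    | 2.3 | OS | Redhat | Enterprise Linux Server | 6.0 | * | * | * | * | * | * | * | |
    | 2.3 | OS | Redhat | Enterprise Linux Server | 7.0 | * | * | * | * | * | * | * | |
    | 2.3 | OS | Redhat | Enterprise Linux Server Aus | 7.3 | * | * | * | * | * | * | * | |
    | 2.3 | OS | Redhat | Enterprise Linux Server Aus | 7.4 | * | * | * | * | * | * | * | |
    | 2.3 | OS | Redhat | Enterprise Linux Server Aus | 7.6 | * | * | * | * | * | * | * | |
    | 2.3 | OS | Redhat | Enterprise Linux Server Eus | 7.3 | * | * | * | * | * | * | * | |
    | 2.3 | OS | Redhat | Enterprise Linux Server Eus | 7.4 | * | * | * | * | * | * | * | |
    | 2.3 | OS | Redhat | Enterprise Linux Server Eus | 7.5 | * | * | * | * | * | * | * | |
    | 2.3 | OS | Redhat | Enterprise Linux Server Eus | 7.6 | * | * | * | * | * | * | * | |
    | 2.3 | OS | Redhat | Enterprise Linux Server Tus | 7.3 | * | * | * | * | * | * | * | |
    | 2.3 | OS | Redhat | Enterprise Linux Server Tus | 7.6 | * | * | * | * | * | * | * | |
    | 2.3 | OS | Redhat | Enterprise Linux Workstation | 6.0 | * | * | * | * | * | * | * | |
    | 2.3 | OS | Redhat | Enterprise Linux Workstation | 7.0 | * | * | * | * | * | * | * | |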
  • OR - Configuration 3
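    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including / End Including / Start Excluding / End Excluding |
    |---|---|---|---|---|---|---|---|---|---|---|---|---|
    | 2.3 | Application | Redhat | Icedtea | * | * | * | * | * | * | * | * | 3.4.0 |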
  • OR - Configuration 4
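    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including / End Including / Start Excluding / End Excluding |
    |---|---|---|---|---|---|---|---|---|---|---|---|---|
    | 2.3 | OS | Debian | Debian Linux | 8.0 | * | * | * | * | * | * | * | |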

Vulnerable Software List

| Vendor | Product | Versions |
|---|---|---|
| Debian | Debian Linux | 8.0 |
| Redhat | Enterprise Linux Workstation | 6.0, 7.0 |
| Redhat | Satellite | 5.8 |
| Redhat | Enterprise Linux Desktop | 6.0, 7.0 |
| Redhat | Enterprise Linux Server Aus | 7.3, 7.4, 7.6 |
| Redhat | Enterprise Linux Server Tus | 7.3, 7.6 |
| Redhat | Enterprise Linux Server Eus | 7.3, 7.4, 7.5, 7.6 |
| Redhat | Icedtea | * |
| Redhat | Enterprise Linux Server | 6.0, 7.0 |
| Oracle | Jre | 1.6.0, 1.7.0, 1.8.0 |
| Oracle | Jrockit | r28.3.13 |
| Oracle | Jdk | 1.6.0, 1.7.0, 1.8.0 |

References

| Name | Source | URL | Tags |
|---|---|---|---|
| DSA-3858 | DEBIAN | http://www.debian.org/security/2017/dsa-3858 | Third Party Advisory |
| http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | CONFIRM | http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | Patch, Vendor Advisory |
| 97740 | BID | http://www.securityfocus.com/bid/97740 | Third Party Advisory, VDB Entry |
| 1038286 | SECTRACK | http://www.securitytracker.com/id/1038286 | Third Party Advisory, VDB Entry |
| RHSA-2017:1108 | REDHAT | https://access.redhat.com/errata/RHSA-2017:1108 | Third Party Advisory |
| RHSA-2017:1109 | REDHAT | https://access.redhat.com/errata/RHSA-2017:1109 | Third Party Advisory |
| RHSA-2017:1117 | REDHAT | https://access.redhat.com/errata/RHSA-2017:1117 | Third Party Advisory |
| RHSA-2017:1118 | REDHAT | https://access.redhat.com/errata/RHSA-2017:1118 | Third Party Advisory |
| RHSA-2017:1119 | REDHAT | https://access.redhat.com/errata/RHSA-2017:1119 | Third Party Advisory |
| RHSA-2017:1204 | REDHAT | https://access.redhat.com/errata/RHSA-2017:1204 | Third Party Advisory |
| RHSA-2017:1220 | REDHAT | https://access.redhat.com/errata/RHSA-2017:1220 | Third Party Advisory |
| RHSA-2017:1221 | REDHAT | https://access.redhat.com/errata/RHSA-2017:1221 | Third Party Advisory |
| RHSA-2017:1222 | REDHAT | https://access.redhat.com/errata/RHSA-2017:1222 | Third Party Advisory |
| RHSA-2017:3453 | REDHAT | https://access.redhat.com/errata/RHSA-2017:3453 | Third Party Advisory |
| GLSA-201705-03 | GENTOO | https://security.gentoo.org/glsa/201705-03 | Third Party Advisory |
| GLSA-201707-01 | GENTOO | https://security.gentoo.org/glsa/201707-01 | Third Party Advisory |