{"containers": {"cna": {"affected": [{"product": "Java", "vendor": "Oracle Corporation", "versions": [{"status": "affected", "version": "Java SE: 6u161"}, {"status": "affected", "version": "7u151"}, {"status": "affected", "version": "8u144"}, {"status": "affected", "version": "9; Java SE Embedded: 8u144"}]}], "datePublic": "2017-10-17T00:00:00", "descriptions": [{"lang": "en", "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: Applies to the Java SE Kerberos client. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)."}], "problemTypes": [{"descriptions": [{"description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded.", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-02-02T10:57:01", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle"}, "references": [{"name": "RHSA-2017:3047", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:3047"}, {"name": "GLSA-201711-14", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201711-14"}, {"name": "101321", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/101321"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.synology.com/support/security/Synology_SA_17_66_OpenJDK"}, {"name": "DSA-4015", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2017/dsa-4015"}, {"name": "RHSA-2017:3267", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:3267"}, {"name": "RHSA-2017:2998", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:2998"}, {"name": "RHSA-2017:3268", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:3268"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"}, {"name": "RHSA-2017:3046", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:3046"}, {"name": "1039596", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1039596"}, {"name": "GLSA-201710-31", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201710-31"}, {"name": "RHSA-2017:3264", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:3264"}, {"name": "DSA-4048", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2017/dsa-4048"}, {"name": "RHSA-2017:3453", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:3453"}, {"name": "RHSA-2017:3392", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:3392"}, {"name": "[debian-lts-announce] 20171123 [SECURITY] [DLA 1187-1] openjdk-7 security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20171019-0001/"}, {"name": "RHSA-2017:2999", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:2999"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2017-10388", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Java", "version": {"version_data": [{"version_affected": "=", "version_value": "Java SE: 6u161"}, {"version_affected": "=", "version_value": "7u151"}, {"version_affected": "=", "version_value": "8u144"}, {"version_affected": "=", "version_value": "9; Java SE Embedded: 8u144"}]}}]}, "vendor_name": "Oracle Corporation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: Applies to the Java SE Kerberos client. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded."}]}]}, "references": {"reference_data": [{"name": "RHSA-2017:3047", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3047"}, {"name": "GLSA-201711-14", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201711-14"}, {"name": "101321", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101321"}, {"name": "https://www.synology.com/support/security/Synology_SA_17_66_OpenJDK", "refsource": "CONFIRM", "url": "https://www.synology.com/support/security/Synology_SA_17_66_OpenJDK"}, {"name": "DSA-4015", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2017/dsa-4015"}, {"name": "RHSA-2017:3267", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3267"}, {"name": "RHSA-2017:2998", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2998"}, {"name": "RHSA-2017:3268", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3268"}, {"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"}, {"name": "RHSA-2017:3046", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3046"}, {"name": "1039596", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1039596"}, {"name": "GLSA-201710-31", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201710-31"}, {"name": "RHSA-2017:3264", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3264"}, {"name": "DSA-4048", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2017/dsa-4048"}, {"name": "RHSA-2017:3453", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3453"}, {"name": "RHSA-2017:3392", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3392"}, {"name": "[debian-lts-announce] 20171123 [SECURITY] [DLA 1187-1] openjdk-7 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html"}, {"name": "https://security.netapp.com/advisory/ntap-20171019-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20171019-0001/"}, {"name": "RHSA-2017:2999", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2999"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T17:41:55.428Z"}, "title": "CVE Program Container", "references": [{"name": "RHSA-2017:3047", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:3047"}, {"name": "GLSA-201711-14", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201711-14"}, {"name": "101321", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/101321"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.synology.com/support/security/Synology_SA_17_66_OpenJDK"}, {"name": "DSA-4015", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2017/dsa-4015"}, {"name": "RHSA-2017:3267", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:3267"}, {"name": "RHSA-2017:2998", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:2998"}, {"name": "RHSA-2017:3268", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:3268"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"}, {"name": "RHSA-2017:3046", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:3046"}, {"name": "1039596", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1039596"}, {"name": "GLSA-201710-31", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201710-31"}, {"name": "RHSA-2017:3264", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:3264"}, {"name": "DSA-4048", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2017/dsa-4048"}, {"name": "RHSA-2017:3453", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:3453"}, {"name": "RHSA-2017:3392", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:3392"}, {"name": "[debian-lts-announce] 20171123 [SECURITY] [DLA 1187-1] openjdk-7 security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20171019-0001/"}, {"name": "RHSA-2017:2999", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:2999"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-04T15:38:56.925674Z", "id": "CVE-2017-10388", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-04T16:44:59.766Z"}}]}, "cveMetadata": {"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2017-10388", "datePublished": "2017-10-19T17:00:00", "dateReserved": "2017-06-21T00:00:00", "dateUpdated": "2024-10-04T16:44:59.766Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update161:*:*:*:*:*:*", "matchCriteriaId": "7037AEF9-403D-43EC-ABBB-B46619241586", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update151:*:*:*:*:*:*", "matchCriteriaId": "B781F1F7-DE18-41F7-83C1-8690B0884DDE", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update144:*:*:*:*:*:*", "matchCriteriaId": "6D36F2A6-1329-4D74-BADC-C22D46CF7CFB", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jdk:1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "270968EC-7662-41E1-BA9B-D259BEC53A1F", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jre:1.6.0:update161:*:*:*:*:*:*", "matchCriteriaId": "D53D6C3C-C8F3-4FF4-AE9C-1BFF14E74EDE", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update151:*:*:*:*:*:*", "matchCriteriaId": "71219100-B476-4062-A40A-13F1B8C7DAED", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jre:1.8.0:update144:*:*:*:*:*:*", "matchCriteriaId": "FCC055BA-0D21-4D2B-AC9B-B81B8468860C", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jre:1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "66910F84-DDFD-4BA8-BE7F-44EB5E3F9C3D", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*", "matchCriteriaId": "F4F86C3C-B99C-44C6-97D7-163DC3F59687", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D5F7E11E-FB34-4467-8919-2B6BEAABF665", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62", "versionStartIncluding": "7.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB", "versionStartIncluding": "9.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:e-series_santricity_management_plug-ins:-:*:*:*:*:vmware_vcenter:*:*", "matchCriteriaId": "280520BC-070C-4423-A633-E6FE45E53D57", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "73F81EC3-4AB0-4CD7-B845-267C5974DE98", "versionEndIncluding": "11.70.1", "versionStartIncluding": "11.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*", "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*", "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*", "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "698C6261-679D-45C1-A396-57AC96AD64D6", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*", "matchCriteriaId": "3BD81527-A341-42C3-9AB9-880D3DB04B08", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*", "matchCriteriaId": "E32A4C2E-3DA6-4BE5-9D95-9F800B01ED9A", "versionEndIncluding": "7.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "1A79A7B7-2CE9-4F5E-B76D-01A882C66226", "versionEndIncluding": "7.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*", "matchCriteriaId": "3FA5E22C-489B-4C5F-A5F3-C03F45CA8811", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*", "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*", "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*", "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "6BF60DAD-DAA2-4543-B82E-8E17F7B1DA06", "versionStartIncluding": "7.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*", "matchCriteriaId": "1E35D95E-CCBF-4335-A4DB-02218BA172DE", "versionStartIncluding": "7.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*", "matchCriteriaId": "13270F58-E106-48CE-9933-E68AABBBFC21", "versionStartIncluding": "7.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "923F6B82-6A8B-4994-89F6-C430775D5234", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "B7B42CB6-3C14-4183-AFA8-C3682F8B54AB", "versionStartIncluding": "7.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "2AA40F7F-504D-47A9-9778-EC4CE46EB8BF", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: Applies to the Java SE Kerberos client. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)."}, {"lang": "es", "value": "Vulnerabilidad en los componentes Java SE y Java SE Embedded de Oracle Java SE (subcomponente: Libraries). Las versiones compatibles que se han visto afectadas son Java SE: 6u161, 7u151, 8u144 y 9; Java SE Embedded: 8u144. Una vulnerabilidad dif\u00edcilmente explotable permite que un atacante sin autenticar que tenga acceso a red por Kerberos comprometa la seguridad de Java SE y Java SE Embedded. Para que los ataques tengan \u00e9xito, se necesita la participaci\u00f3n de otra persona diferente del atacante. Los ataques exitosos a esta vulnerabilidad pueden resultar en la toma de control de Java SE y Java SE Embedded. Nota: Esto afecta al cliente de Kerberos de Java SE. CVSS 3.0 Base Score 7.5 (impactos en la confidencialidad, integridad y disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)."}], "id": "CVE-2017-10388", "lastModified": "2024-11-21T03:06:04.590", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-10-19T17:29:05.403", "references": [{"source": "secalert_us@oracle.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"}, {"source": "secalert_us@oracle.com", "tags": ["Broken Link"], "url": "http://www.securityfocus.com/bid/101321"}, {"source": "secalert_us@oracle.com", "tags": ["Broken Link"], "url": "http://www.securitytracker.com/id/1039596"}, {"source": "secalert_us@oracle.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:2998"}, {"source": "secalert_us@oracle.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:2999"}, {"source": "secalert_us@oracle.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:3046"}, {"source": "secalert_us@oracle.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:3047"}, {"source": "secalert_us@oracle.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:3264"}, {"source": "secalert_us@oracle.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:3267"}, {"source": "secalert_us@oracle.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:3268"}, {"source": "secalert_us@oracle.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:3392"}, {"source": "secalert_us@oracle.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:3453"}, {"source": "secalert_us@oracle.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html"}, {"source": "secalert_us@oracle.com", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201710-31"}, {"source": "secalert_us@oracle.com", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201711-14"}, {"source": "secalert_us@oracle.com", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20171019-0001/"}, {"source": "secalert_us@oracle.com", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2017/dsa-4015"}, {"source": "secalert_us@oracle.com", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2017/dsa-4048"}, {"source": "secalert_us@oracle.com", "tags": ["Third Party Advisory"], "url": "https://www.synology.com/support/security/Synology_SA_17_66_OpenJDK"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.securityfocus.com/bid/101321"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.securitytracker.com/id/1039596"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:2998"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:2999"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:3046"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:3047"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:3264"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:3267"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:3268"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:3392"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:3453"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201710-31"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201711-14"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20171019-0001/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2017/dsa-4015"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2017/dsa-4048"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.synology.com/support/security/Synology_SA_17_66_OpenJDK"}], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2017:2999", "cpe": "cpe:/a:redhat:rhel_extras_oracle_java:6", "package": "java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6", "product_name": "Oracle Java for Red Hat Enterprise Linux 6", "release_date": "2017-10-23T00:00:00Z"}, {"advisory": "RHSA-2017:3046", "cpe": "cpe:/a:redhat:rhel_extras_oracle_java:6", "package": "java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6", "product_name": "Oracle Java for Red Hat Enterprise Linux 6", "release_date": "2017-10-24T00:00:00Z"}, {"advisory": "RHSA-2017:3047", "cpe": "cpe:/a:redhat:rhel_extras_oracle_java:6", "package": "java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6", "product_name": "Oracle Java for Red Hat Enterprise Linux 6", "release_date": "2017-10-24T00:00:00Z"}, {"advisory": "RHSA-2017:2999", "cpe": "cpe:/a:redhat:rhel_extras_oracle_java:7", "package": "java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7", "product_name": "Oracle Java for Red Hat Enterprise Linux 7", "release_date": "2017-10-23T00:00:00Z"}, {"advisory": "RHSA-2017:3046", "cpe": "cpe:/a:redhat:rhel_extras_oracle_java:7", "package": "java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7", "product_name": "Oracle Java for Red Hat Enterprise Linux 7", "release_date": "2017-10-24T00:00:00Z"}, {"advisory": "RHSA-2017:3047", "cpe": "cpe:/a:redhat:rhel_extras_oracle_java:7", "package": "java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7", "product_name": "Oracle Java for Red Hat Enterprise Linux 7", "release_date": "2017-10-24T00:00:00Z"}, {"advisory": "RHSA-2017:2998", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "java-1.8.0-openjdk-1:1.8.0.151-1.b12.el6_9", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2017-10-20T00:00:00Z"}, {"advisory": "RHSA-2017:3392", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "java-1.7.0-openjdk-1:1.7.0.161-2.6.12.0.el6_9", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2017-12-06T00:00:00Z"}, {"advisory": "RHSA-2017:3267", "cpe": "cpe:/a:redhat:rhel_extras:6", "package": "java-1.8.0-ibm-1:1.8.0.5.5-1jpp.1.el6_9", "product_name": "Red Hat Enterprise Linux 6 Supplementary", "release_date": "2017-11-28T00:00:00Z"}, {"advisory": "RHSA-2017:3268", "cpe": "cpe:/a:redhat:rhel_extras:6", "package": "java-1.7.1-ibm-1:1.7.1.4.15-1jpp.3.el6_9", "product_name": "Red Hat Enterprise Linux 6 Supplementary", "release_date": "2017-11-28T00:00:00Z"}, {"advisory": "RHSA-2017:2998", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "java-1.8.0-openjdk-1:1.8.0.151-1.b12.el7_4", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2017-10-20T00:00:00Z"}, {"advisory": "RHSA-2017:3392", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "java-1.7.0-openjdk-1:1.7.0.161-2.6.12.0.el7_4", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2017-12-06T00:00:00Z"}, {"advisory": "RHSA-2017:3264", "cpe": "cpe:/a:redhat:rhel_extras:7", "package": "java-1.8.0-ibm-1:1.8.0.5.5-1jpp.2.el7", "product_name": "Red Hat Enterprise Linux 7 Supplementary", "release_date": "2017-11-27T00:00:00Z"}, {"advisory": "RHSA-2017:3268", "cpe": "cpe:/a:redhat:rhel_extras:7", "package": "java-1.7.1-ibm-1:1.7.1.4.15-1jpp.2.el7", "product_name": "Red Hat Enterprise Linux 7 Supplementary", "release_date": "2017-11-28T00:00:00Z"}, {"advisory": "RHSA-2017:3453", "cpe": "cpe:/a:redhat:network_satellite:5.8::el6", "package": "java-1.8.0-ibm-1:1.8.0.5.5-1jpp.1.el6_9", "product_name": "Red Hat Satellite 5.8", "release_date": "2017-12-13T00:00:00Z"}, {"advisory": "RHSA-2017:3453", "cpe": "cpe:/a:redhat:network_satellite:5.8::el6", "package": "java-1.8.0-ibm-1:1.8.0.5.5-1jpp.1.el6_9", "product_name": "Red Hat Satellite 5.8 ELS", "release_date": "2017-12-13T00:00:00Z"}], "bugzilla": {"description": "OpenJDK: use of unprotected sname in Kerberos client (Libraries, 8178794)", "id": "1502038", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1502038"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.8", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "status": "verified"}, "cwe": "CWE-345", "details": ["Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: Applies to the Java SE Kerberos client. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).", "It was discovered that the Kerberos client implementation in the Libraries component of OpenJDK used the sname field from the plain text part rather than encrypted part of the KDC reply message. A man-in-the-middle attacker could possibly use this flaw to impersonate Kerberos services to Java applications acting as Kerberos clients."], "name": "CVE-2017-10388", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "java-1.6.0-ibm", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2017-10-17T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2017-10388\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10388"], "threat_severity": "Important"}