CVE-2017-10355

Description

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

Risk Information

Base Score

5.3

MODERATE

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

EPSS Score

Exploitation Probability

6.296

Associated Vulnerability

Vulnerability	OS Platform
Multiple Vulnerabilities are affected in Java SE Development Kit 1.9.0	Windows
Multiple vulnerabilities are fixed in Azul Zulu JDK 7 7.21	Windows
Multiple vulnerabilities are fixed in Azul Zulu JDK 7 (x64) 7.21	Windows
Multiple vulnerabilities are fixed in Azul Zulu JDK 8 (MSI) 8.25	Windows
Multiple vulnerabilities are fixed in Azul Zulu JDK 8 (MSI) (x64) 8.25	Windows
Multiple vulnerabilities are affected in Java SE Development Kit (x64) Java SE Development Kit 8 Update 144 (64-bit)	Windows
Multiple vulnerabilities are affected in Java SE Development Kit Java SE Development Kit 8 Update 144 (64-bit)	Windows
Multiple vulnerabilities are affected in Java SE Development Kit (x64) 8.0.1440	Windows
Multiple vulnerabilities are affected in Java Runtime Environment 1.8 8.0.1440	Windows
Multiple vulnerabilities are affected in Java Runtime Environment 1.8 (x64) 8.0.1440	Windows
Multiple vulnerabilities are affected in Java SE Development Kit 7 (x64) 7.0.1510	Windows
Multiple vulnerabilities are affected in Java SE Development Kit 7 (x86) 7.0.1510	Windows
Multiple Vulnerabilities are affected in Netapp Active Iq Unified Manager 2.3	Windows
Multiple Vulnerabilities are affected in Netapp Oncommand Insight 2.3	Windows
Multiple Vulnerabilities are affected in IBM Cognos Controller 10.2.0	Windows
Multiple Vulnerabilities are affected in IBM Cognos Controller 10.2.1	Windows
Multiple Vulnerabilities are affected in IBM Cognos Controller 10.3.0	Windows
Multiple Vulnerabilities are affected in IBM Cognos Controller 10.3.1	Windows
Multiple Vulnerabilities are affected in Netapp Oncommand Balance 2.3	Windows
Multiple Vulnerabilities are affected in Netapp Oncommand Shift 2.3	Windows
Multiple Vulnerabilities are affected in Netapp Oncommand Workflow Automation 2.3	Windows
Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.0	Windows
Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.1	Windows
Multiple Vulnerabilities are affected in IBM Operational Decision Manager 8.5	Windows
Multiple Vulnerabilities are affected in IBM Operational Decision Manager 8.6	Windows
Multiple Vulnerabilities are affected in IBM Operational Decision Manager 8.7	Windows
Multiple Vulnerabilities are affected in IBM Operational Decision Manager 8.8	Windows
Multiple Vulnerabilities are affected in IBM Operational Decision Manager 8.9	Windows
(RHSA-2017:2998) java-1.8.0-openjdk security update java-1.8.0-openjdk-1.8.0.151-1.b12.el6_9.i686.rpm	Linux
(RHSA-2017:2998) java-1.8.0-openjdk security update java-1.8.0-openjdk-1.8.0.151-1.b12.el6_9.x86_64.rpm	Linux
(RHSA-2017:2998) java-1.8.0-openjdk security update java-1.8.0-openjdk-1.8.0.151-1.b12.el7_4.i686.rpm	Linux
(RHSA-2017:2998) java-1.8.0-openjdk security update java-1.8.0-openjdk-1.8.0.151-1.b12.el7_4.x86_64.rpm	Linux
(RHSA-2017:2998) java-1.8.0-openjdk security update java-1.8.0-openjdk-accessibility-1.8.0.151-1.b12.el7_4.i686.rpm	Linux
(RHSA-2017:2998) java-1.8.0-openjdk security update java-1.8.0-openjdk-accessibility-1.8.0.151-1.b12.el7_4.x86_64.rpm	Linux
(RHSA-2017:2998) java-1.8.0-openjdk security update java-1.8.0-openjdk-accessibility-debug-1.8.0.151-1.b12.el7_4.i686.rpm	Linux
(RHSA-2017:2998) java-1.8.0-openjdk security update java-1.8.0-openjdk-accessibility-debug-1.8.0.151-1.b12.el7_4.x86_64.rpm	Linux
(RHSA-2017:2998) java-1.8.0-openjdk security update java-1.8.0-openjdk-debug-1.8.0.151-1.b12.el6_9.i686.rpm	Linux
(RHSA-2017:2998) java-1.8.0-openjdk security update java-1.8.0-openjdk-debug-1.8.0.151-1.b12.el6_9.x86_64.rpm	Linux
(RHSA-2017:2998) java-1.8.0-openjdk security update java-1.8.0-openjdk-debug-1.8.0.151-1.b12.el7_4.i686.rpm	Linux
(RHSA-2017:2998) java-1.8.0-openjdk security update java-1.8.0-openjdk-debug-1.8.0.151-1.b12.el7_4.x86_64.rpm	Linux
(RHSA-2017:2998) java-1.8.0-openjdk security update java-1.8.0-openjdk-demo-1.8.0.151-1.b12.el6_9.i686.rpm	Linux
(RHSA-2017:2998) java-1.8.0-openjdk security update java-1.8.0-openjdk-demo-1.8.0.151-1.b12.el6_9.x86_64.rpm	Linux
(RHSA-2017:2998) java-1.8.0-openjdk security update java-1.8.0-openjdk-demo-1.8.0.151-1.b12.el7_4.i686.rpm	Linux
(RHSA-2017:2998) java-1.8.0-openjdk security update java-1.8.0-openjdk-demo-1.8.0.151-1.b12.el7_4.x86_64.rpm	Linux
(RHSA-2017:2998) java-1.8.0-openjdk security update java-1.8.0-openjdk-demo-debug-1.8.0.151-1.b12.el6_9.i686.rpm	Linux
(RHSA-2017:2998) java-1.8.0-openjdk security update java-1.8.0-openjdk-demo-debug-1.8.0.151-1.b12.el6_9.x86_64.rpm	Linux
(RHSA-2017:2998) java-1.8.0-openjdk security update java-1.8.0-openjdk-demo-debug-1.8.0.151-1.b12.el7_4.i686.rpm	Linux
(RHSA-2017:2998) java-1.8.0-openjdk security update java-1.8.0-openjdk-demo-debug-1.8.0.151-1.b12.el7_4.x86_64.rpm	Linux
(RHSA-2017:2998) java-1.8.0-openjdk security update java-1.8.0-openjdk-devel-1.8.0.151-1.b12.el6_9.i686.rpm	Linux
(RHSA-2017:2998) java-1.8.0-openjdk security update java-1.8.0-openjdk-devel-1.8.0.151-1.b12.el6_9.x86_64.rpm	Linux
(RHSA-2017:2998) java-1.8.0-openjdk security update java-1.8.0-openjdk-devel-1.8.0.151-1.b12.el7_4.i686.rpm	Linux
(RHSA-2017:2998) java-1.8.0-openjdk security update java-1.8.0-openjdk-devel-1.8.0.151-1.b12.el7_4.x86_64.rpm	Linux
(RHSA-2017:2998) java-1.8.0-openjdk security update java-1.8.0-openjdk-devel-debug-1.8.0.151-1.b12.el6_9.i686.rpm	Linux
(RHSA-2017:2998) java-1.8.0-openjdk security update java-1.8.0-openjdk-devel-debug-1.8.0.151-1.b12.el6_9.x86_64.rpm	Linux
(RHSA-2017:2998) java-1.8.0-openjdk security update java-1.8.0-openjdk-devel-debug-1.8.0.151-1.b12.el7_4.i686.rpm	Linux
(RHSA-2017:2998) java-1.8.0-openjdk security update java-1.8.0-openjdk-devel-debug-1.8.0.151-1.b12.el7_4.x86_64.rpm	Linux
(RHSA-2017:2998) java-1.8.0-openjdk security update java-1.8.0-openjdk-headless-1.8.0.151-1.b12.el6_9.i686.rpm	Linux
(RHSA-2017:2998) java-1.8.0-openjdk security update java-1.8.0-openjdk-headless-1.8.0.151-1.b12.el6_9.x86_64.rpm	Linux
(RHSA-2017:2998) java-1.8.0-openjdk security update java-1.8.0-openjdk-headless-1.8.0.151-1.b12.el7_4.i686.rpm	Linux
(RHSA-2017:2998) java-1.8.0-openjdk security update java-1.8.0-openjdk-headless-1.8.0.151-1.b12.el7_4.x86_64.rpm	Linux
(RHSA-2017:2998) java-1.8.0-openjdk security update java-1.8.0-openjdk-headless-debug-1.8.0.151-1.b12.el6_9.i686.rpm	Linux
(RHSA-2017:2998) java-1.8.0-openjdk security update java-1.8.0-openjdk-headless-debug-1.8.0.151-1.b12.el6_9.x86_64.rpm	Linux
(RHSA-2017:2998) java-1.8.0-openjdk security update java-1.8.0-openjdk-headless-debug-1.8.0.151-1.b12.el7_4.i686.rpm	Linux
(RHSA-2017:2998) java-1.8.0-openjdk security update java-1.8.0-openjdk-headless-debug-1.8.0.151-1.b12.el7_4.x86_64.rpm	Linux
(RHSA-2017:2998) java-1.8.0-openjdk security update java-1.8.0-openjdk-javadoc-1.8.0.151-1.b12.el6_9.noarch.rpm	Linux
(RHSA-2017:2998) java-1.8.0-openjdk security update java-1.8.0-openjdk-javadoc-1.8.0.151-1.b12.el7_4.noarch.rpm	Linux
(RHSA-2017:2998) java-1.8.0-openjdk security update java-1.8.0-openjdk-javadoc-debug-1.8.0.151-1.b12.el6_9.noarch.rpm	Linux
(RHSA-2017:2998) java-1.8.0-openjdk security update java-1.8.0-openjdk-javadoc-debug-1.8.0.151-1.b12.el7_4.noarch.rpm	Linux
(RHSA-2017:2998) java-1.8.0-openjdk security update java-1.8.0-openjdk-javadoc-zip-1.8.0.151-1.b12.el7_4.noarch.rpm	Linux
(RHSA-2017:2998) java-1.8.0-openjdk security update java-1.8.0-openjdk-javadoc-zip-debug-1.8.0.151-1.b12.el7_4.noarch.rpm	Linux
(RHSA-2017:2998) java-1.8.0-openjdk security update java-1.8.0-openjdk-src-1.8.0.151-1.b12.el6_9.i686.rpm	Linux
(RHSA-2017:2998) java-1.8.0-openjdk security update java-1.8.0-openjdk-src-1.8.0.151-1.b12.el6_9.x86_64.rpm	Linux
(RHSA-2017:2998) java-1.8.0-openjdk security update java-1.8.0-openjdk-src-1.8.0.151-1.b12.el7_4.i686.rpm	Linux
(RHSA-2017:2998) java-1.8.0-openjdk security update java-1.8.0-openjdk-src-1.8.0.151-1.b12.el7_4.x86_64.rpm	Linux
(RHSA-2017:2998) java-1.8.0-openjdk security update java-1.8.0-openjdk-src-debug-1.8.0.151-1.b12.el6_9.i686.rpm	Linux
(RHSA-2017:2998) java-1.8.0-openjdk security update java-1.8.0-openjdk-src-debug-1.8.0.151-1.b12.el6_9.x86_64.rpm	Linux
(RHSA-2017:2998) java-1.8.0-openjdk security update java-1.8.0-openjdk-src-debug-1.8.0.151-1.b12.el7_4.i686.rpm	Linux
(RHSA-2017:2998) java-1.8.0-openjdk security update java-1.8.0-openjdk-src-debug-1.8.0.151-1.b12.el7_4.x86_64.rpm	Linux
CVE-2017-10355	NCM

Patch Details

Click to see the patches provided by ManageEngine for this CVE

Patch ID	Patch Description
PATCH-333702	Java SE Development Kit 8 Update 391 (32-bit) (8.0.3910.13) (JDK) (Manual Upload Required)
PATCH-344728	Azul Zulu JDK 8 (MSI) (8.84.0.15)
PATCH-344692	Azul Zulu JDK 8 (MSI) (x64) (8.84.0.15)
PATCH-349784	Java SE Development Kit (x64) (8.0.4610.11) (Manual Upload Required)
PATCH-349781	Java Runtime Environment 1.8 (8.0.4610.11) (Manual Upload Required)
PATCH-349782	Java Runtime Environment 1.8 (x64) (8.0.4610.11) (Manual Upload Required)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234