Home > Vulnerability Database > CVE-2017-10345

Mend.io Vulnerability Database

CVE-2017-10345

Date: October 19, 2017

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L).

Severity Score

3.1

Related Resources (22)

Url: https://security.netapp.com/advisory/ntap-20171019-0001/

Url: https://www.debian.org/security/2017/dsa-4015

Url: https://www.debian.org/security/2017/dsa-4048

Url: https://access.redhat.com/errata/RHSA-2017:3392

Url: https://access.redhat.com/errata/RHSA-2017:3046

Url: https://access.redhat.com/errata/RHSA-2017:3453

Url: http://www.securityfocus.com/bid/101396

Url: https://access.redhat.com/errata/RHSA-2017:3264

Url: https://access.redhat.com/errata/RHSA-2017:3047

Url: https://access.redhat.com/errata/RHSA-2017:3267

Url: https://access.redhat.com/errata/RHSA-2017:3268

Url: https://security.gentoo.org/glsa/201710-31

Url: https://access.redhat.com/errata/RHSA-2017:2999

Url: https://access.redhat.com/errata/RHSA-2017:2998

Url: https://access.redhat.com/security/cve/CVE-2017-10345

Url: https://security.gentoo.org/glsa/201711-14

Url: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

Url: https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html

Url: https://nvd.nist.gov/vuln/detail/CVE-2017-10345

Url: https://security-tracker.debian.org/tracker/CVE-2017-10345

Url: http://www.securitytracker.com/id/1039596

Url: https://www.mend.io/vulnerability-database/CVE-2017-10345

Severity Score

3.1

Weakness Type (CWE)

Insufficient Information

NVD-CWE-noinfo

CVSS v3.1

Base Score:	3.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	LOW

CVSS v2

Base Score:	2.6
Access Vector (AV):	NETWORK
Access Complexity (AC):	HIGH
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2017-10345

Date: October 19, 2017

Severity Score

Related Resources (22)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?