CVE-2017-10116

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:oracle:jdk:1.6.0:update151:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update141:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.8.0:update131:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update151:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update141:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.8.0:update131:*:*:*:*:*:*
cpe:2.3:a:oracle:jrockit:r28.3.14:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:phoenixcontact:fl_mguard_dm:1.8.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Configuration 5 (hide)

OR cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*
cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*
cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*
cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*
cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*
cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*
cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:9.6:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*
cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0:*:*:*:*:*:*:*
cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:*:vmware_vsphere:*:*

History

06 Oct 2022, 19:01

Type Values Removed Values Added
First Time Redhat
Netapp oncommand Unified Manager
Netapp steelstore Cloud Integrated Storage
Netapp vasa Provider For Clustered Data Ontap
Redhat enterprise Linux Desktop
Redhat enterprise Linux Server Tus
Phoenixcontact
Redhat satellite
Netapp cloud Backup
Netapp active Iq Unified Manager
Netapp e-series Santricity Os Controller
Debian debian Linux
Netapp oncommand Performance Manager
Netapp e-series Santricity Storage Manager
Netapp virtual Storage Console
Netapp element Software
Netapp oncommand Balance
Phoenixcontact fl Mguard Dm
Redhat enterprise Linux Eus
Redhat enterprise Linux Server Aus
Netapp plug-in For Symantec Netbackup
Netapp oncommand Shift
Debian
Redhat enterprise Linux Server
Netapp snapmanager
Netapp oncommand Insight
Netapp storage Replication Adapter For Clustered Data Ontap
Netapp
Redhat enterprise Linux Workstation
CPE cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*
cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*
cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*
cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*
cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*
cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:9.6:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
cpe:2.3:a:phoenixcontact:fl_mguard_dm:1.8.0:*:*:*:*:*:*:*
cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0:*:*:*:*:*:*:*
cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*
References (REDHAT) https://access.redhat.com/errata/RHSA-2017:1792 - (REDHAT) https://access.redhat.com/errata/RHSA-2017:1792 - Third Party Advisory
References (REDHAT) https://access.redhat.com/errata/RHSA-2017:1791 - (REDHAT) https://access.redhat.com/errata/RHSA-2017:1791 - Third Party Advisory
References (REDHAT) https://access.redhat.com/errata/RHSA-2017:2481 - (REDHAT) https://access.redhat.com/errata/RHSA-2017:2481 - Third Party Advisory
References (REDHAT) https://access.redhat.com/errata/RHSA-2017:2530 - (REDHAT) https://access.redhat.com/errata/RHSA-2017:2530 - Third Party Advisory
References (REDHAT) https://access.redhat.com/errata/RHSA-2017:1789 - (REDHAT) https://access.redhat.com/errata/RHSA-2017:1789 - Third Party Advisory
References (BID) http://www.securityfocus.com/bid/99734 - Third Party Advisory, VDB Entry (BID) http://www.securityfocus.com/bid/99734 - Broken Link
References (REDHAT) https://access.redhat.com/errata/RHSA-2017:2424 - (REDHAT) https://access.redhat.com/errata/RHSA-2017:2424 - Third Party Advisory
References (DEBIAN) http://www.debian.org/security/2017/dsa-3919 - (DEBIAN) http://www.debian.org/security/2017/dsa-3919 - Third Party Advisory
References (REDHAT) https://access.redhat.com/errata/RHSA-2017:2469 - (REDHAT) https://access.redhat.com/errata/RHSA-2017:2469 - Third Party Advisory
References (SECTRACK) http://www.securitytracker.com/id/1038931 - Third Party Advisory, VDB Entry (SECTRACK) http://www.securitytracker.com/id/1038931 - Broken Link
References (CONFIRM) https://security.netapp.com/advisory/ntap-20170720-0001/ - (CONFIRM) https://security.netapp.com/advisory/ntap-20170720-0001/ - Third Party Advisory
References (CONFIRM) https://cert.vde.com/en-us/advisories/vde-2017-002 - (CONFIRM) https://cert.vde.com/en-us/advisories/vde-2017-002 - Third Party Advisory
References (REDHAT) https://access.redhat.com/errata/RHSA-2017:1790 - (REDHAT) https://access.redhat.com/errata/RHSA-2017:1790 - Third Party Advisory
References (GENTOO) https://security.gentoo.org/glsa/201709-22 - (GENTOO) https://security.gentoo.org/glsa/201709-22 - Third Party Advisory
References (DEBIAN) http://www.debian.org/security/2017/dsa-3954 - (DEBIAN) http://www.debian.org/security/2017/dsa-3954 - Third Party Advisory
References (REDHAT) https://access.redhat.com/errata/RHSA-2017:3453 - (REDHAT) https://access.redhat.com/errata/RHSA-2017:3453 - Third Party Advisory

13 May 2022, 14:57

Type Values Removed Values Added
CPE cpe:2.3:a:oracle:jdk:1.6.0:update_151:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update_141:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.8.0:update_131:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update_151:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update151:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update151:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.8.0:update131:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update141:*:*:*:*:*:*

Information

Published : 2017-08-08 15:29

Updated : 2023-12-10 12:15


NVD link : CVE-2017-10116

Mitre link : CVE-2017-10116

CVE.ORG link : CVE-2017-10116


JSON object : View

Products Affected

netapp

  • snapmanager
  • cloud_backup
  • vasa_provider_for_clustered_data_ontap
  • steelstore_cloud_integrated_storage
  • virtual_storage_console
  • oncommand_shift
  • oncommand_unified_manager
  • oncommand_insight
  • oncommand_balance
  • element_software
  • e-series_santricity_os_controller
  • oncommand_performance_manager
  • e-series_santricity_storage_manager
  • active_iq_unified_manager
  • plug-in_for_symantec_netbackup
  • storage_replication_adapter_for_clustered_data_ontap

redhat

  • enterprise_linux_server_aus
  • enterprise_linux_server
  • enterprise_linux_desktop
  • enterprise_linux_eus
  • enterprise_linux_server_tus
  • enterprise_linux_workstation
  • satellite

oracle

  • jdk
  • jre
  • jrockit

debian

  • debian_linux

phoenixcontact

  • fl_mguard_dm