CVE-2017-10388

HIGH

Oracle JDK and JRE - Remote Code Execution via Kerberos

Title source: llm
STIX 2.1

Description

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: Applies to the Java SE Kerberos client. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).

References (19)

Core 19
Core References
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:3047
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201711-14
Broken Link vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/101321
Third Party Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2017/dsa-4015
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:3267
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:2998
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:3268
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:3046
Broken Link vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1039596
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201710-31
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:3264
Third Party Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2017/dsa-4048
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:3453
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:3392
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20171019-0001/
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:2999

Scores

CVSS v3 7.5
EPSS 0.0060
EPSS Percentile 69.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

Status published
Products (47)
debian/debian_linux 7.0
debian/debian_linux 8.0
debian/debian_linux 9.0
netapp/active_iq_unified_manager 7.3
netapp/active_iq_unified_manager 9.5
netapp/cloud_backup
netapp/e-series_santricity_management_plug-ins
netapp/e-series_santricity_os_controller 11.0 - 11.70.1
netapp/e-series_santricity_storage_manager
netapp/e-series_santricity_web_services
... and 37 more
Published Oct 19, 2017
Tracked Since Feb 18, 2026