CVE-2017-10388 (CNNVD-201710-729)
HIGH
中文标题:
Oracle Java SE和Oracle Java SE Embedded 访问控制错误漏洞
英文标题:
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries)...
CVSS分数:
7.5
发布时间:
2017-10-19 17:00:00
漏洞类型:
授权问题
状态:
PUBLISHED
数据质量分数:
0.30
数据版本:
v3
漏洞描述
中文描述:
Oracle Java SE和Oracle Java SE Embedded都是美国甲骨文(Oracle)公司的产品。Oracle Java SE是一款用于开发和部署桌面、服务器以及嵌入设备和实时环境中的Java应用程序。Oracle Java SE Embedded是一款针对嵌入式系统的、可移植的应用程序的Java平台。 Oracle Java SE和Oracle Java SE Embedded中的Libraries子组件存在访问控制错误漏洞。攻击者可利用该漏洞控制组件,影响数据的完整性、保密性和可用性。以下产品及版本受到影响:Oracle Java SE 6u161版本,7u151版本,8u144版本,9版本;Java SE Embedded 8u144版本。
英文描述:
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: Applies to the Java SE Kerberos client. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).
CWE类型:
(暂无数据)
标签:
(暂无数据)
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| Oracle Corporation | Java | Java SE: 6u161 | - | - |
cpe:2.3:a:oracle_corporation:java:java_se:_6u161:*:*:*:*:*:*:*
|
| Oracle Corporation | Java | 7u151 | - | - |
cpe:2.3:a:oracle_corporation:java:7u151:*:*:*:*:*:*:*
|
| Oracle Corporation | Java | 8u144 | - | - |
cpe:2.3:a:oracle_corporation:java:8u144:*:*:*:*:*:*:*
|
| Oracle Corporation | Java | 9; Java SE Embedded: 8u144 | - | - |
cpe:2.3:a:oracle_corporation:java:9;_java_se_embedded:_8u144:*:*:*:*:*:*:*
|
| oracle | jdk | 1.6.0 | - | - |
cpe:2.3:a:oracle:jdk:1.6.0:update161:*:*:*:*:*:*
|
| oracle | jdk | 1.7.0 | - | - |
cpe:2.3:a:oracle:jdk:1.7.0:update151:*:*:*:*:*:*
|
| oracle | jdk | 1.8.0 | - | - |
cpe:2.3:a:oracle:jdk:1.8.0:update144:*:*:*:*:*:*
|
| oracle | jdk | 1.9.0 | - | - |
cpe:2.3:a:oracle:jdk:1.9.0:*:*:*:*:*:*:*
|
| oracle | jre | 1.6.0 | - | - |
cpe:2.3:a:oracle:jre:1.6.0:update161:*:*:*:*:*:*
|
| oracle | jre | 1.7.0 | - | - |
cpe:2.3:a:oracle:jre:1.7.0:update151:*:*:*:*:*:*
|
| oracle | jre | 1.8.0 | - | - |
cpe:2.3:a:oracle:jre:1.8.0:update144:*:*:*:*:*:*
|
| oracle | jre | 1.9.0 | - | - |
cpe:2.3:a:oracle:jre:1.9.0:*:*:*:*:*:*:*
|
| redhat | satellite | 5.8 | - | - |
cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*
|
| redhat | enterprise_linux_desktop | 6.0 | - | - |
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
|
| redhat | enterprise_linux_desktop | 7.0 | - | - |
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
|
| redhat | enterprise_linux_eus | 7.4 | - | - |
cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*
|
| redhat | enterprise_linux_eus | 7.5 | - | - |
cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*
|
| redhat | enterprise_linux_eus | 7.6 | - | - |
cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*
|
| redhat | enterprise_linux_eus | 7.7 | - | - |
cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*
|
| redhat | enterprise_linux_server | 6.0 | - | - |
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
|
| redhat | enterprise_linux_server | 7.0 | - | - |
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
|
| redhat | enterprise_linux_server_aus | 7.4 | - | - |
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
|
| redhat | enterprise_linux_server_aus | 7.6 | - | - |
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
|
| redhat | enterprise_linux_server_aus | 7.7 | - | - |
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*
|
| redhat | enterprise_linux_server_tus | 7.4 | - | - |
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*
|
| redhat | enterprise_linux_server_tus | 7.6 | - | - |
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
|
| redhat | enterprise_linux_server_tus | 7.7 | - | - |
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*
|
| redhat | enterprise_linux_workstation | 6.0 | - | - |
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
|
| redhat | enterprise_linux_workstation | 7.0 | - | - |
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
|
| netapp | active_iq_unified_manager | * | - | - |
cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*
|
| netapp | cloud_backup | - | - | - |
cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
|
| netapp | e-series_santricity_management_plug-ins | - | - | - |
cpe:2.3:a:netapp:e-series_santricity_management_plug-ins:-:*:*:*:*:vmware_vcenter:*:*
|
| netapp | e-series_santricity_os_controller | * | - | - |
cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*
|
| netapp | e-series_santricity_storage_manager | - | - | - |
cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*
|
| netapp | e-series_santricity_web_services | - | - | - |
cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*
|
| netapp | element_software | - | - | - |
cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*
|
| netapp | oncommand_balance | - | - | - |
cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*
|
| netapp | oncommand_insight | - | - | - |
cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
|
| netapp | oncommand_performance_manager | - | - | - |
cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*
|
| netapp | oncommand_shift | - | - | - |
cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*
|
| netapp | oncommand_unified_manager | * | - | - |
cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*
|
| netapp | oncommand_unified_manager | - | - | - |
cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*
|
| netapp | oncommand_workflow_automation | - | - | - |
cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
|
| netapp | plug-in_for_symantec_netbackup | - | - | - |
cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*
|
| netapp | snapmanager | - | - | - |
cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*
|
| netapp | steelstore_cloud_integrated_storage | - | - | - |
cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
|
| netapp | storage_replication_adapter_for_clustered_data_ontap | * | - | - |
cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:vmware_vsphere:*:*
|
| netapp | vasa_provider_for_clustered_data_ontap | * | - | - |
cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*
|
| netapp | vasa_provider_for_clustered_data_ontap | 6.0 | - | - |
cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0:*:*:*:*:*:*:*
|
| netapp | virtual_storage_console | * | - | - |
cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*
|
| netapp | virtual_storage_console | 6.0 | - | - |
cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:*:vmware_vsphere:*:*
|
| debian | debian_linux | 7.0 | - | - |
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
|
| debian | debian_linux | 8.0 | - | - |
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
|
| debian | debian_linux | 9.0 | - | - |
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
(暂无数据)
英文解决方案:
(暂无数据)
临时解决方案:
(暂无数据)
参考链接
RHSA-2017:3047
vendor-advisory
cve.org
访问
cve.org
GLSA-201711-14
vendor-advisory
cve.org
访问
cve.org
101321
vdb-entry
cve.org
访问
cve.org
无标题
x_refsource_CONFIRM
cve.org
访问
cve.org
DSA-4015
vendor-advisory
cve.org
访问
cve.org
RHSA-2017:3267
vendor-advisory
cve.org
访问
cve.org
RHSA-2017:2998
vendor-advisory
cve.org
访问
cve.org
RHSA-2017:3268
vendor-advisory
cve.org
访问
cve.org
无标题
x_refsource_CONFIRM
cve.org
访问
cve.org
RHSA-2017:3046
vendor-advisory
cve.org
访问
cve.org
1039596
vdb-entry
cve.org
访问
cve.org
GLSA-201710-31
vendor-advisory
cve.org
访问
cve.org
RHSA-2017:3264
vendor-advisory
cve.org
访问
cve.org
DSA-4048
vendor-advisory
cve.org
访问
cve.org
RHSA-2017:3453
vendor-advisory
cve.org
访问
cve.org
RHSA-2017:3392
vendor-advisory
cve.org
访问
cve.org
[debian-lts-announce] 20171123 [SECURITY] [DLA 1187-1] openjdk-7 security update
mailing-list
cve.org
访问
cve.org
无标题
x_refsource_CONFIRM
cve.org
访问
cve.org
RHSA-2017:2999
vendor-advisory
cve.org
访问
cve.org
CVSS评分详情
7.5
HIGH
CVSS向量:
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS版本:
3.1
机密性
HIGH
完整性
HIGH
可用性
HIGH
时间信息
发布时间:
2017-10-19 17:00:00
修改时间:
2024-10-04 16:44:59
创建时间:
2025-11-11 15:34:31
更新时间:
2025-11-11 15:53:21
利用信息
暂无可利用代码信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2017-10388 |
2025-11-11 15:19:15 | 2025-11-11 07:34:31 |
| NVD | nvd_CVE-2017-10388 |
2025-11-11 14:55:32 | 2025-11-11 07:43:10 |
| CNNVD | cnnvd_CNNVD-201710-729 |
2025-11-11 15:09:54 | 2025-11-11 07:53:21 |
版本与语言
当前版本:
v3
主要语言:
EN
支持语言:
EN
ZH
安全公告
暂无安全公告信息
变更历史
v3
CNNVD
2025-11-11 15:53:21
vulnerability_type: 未提取 → 授权问题; cnnvd_id: 未提取 → CNNVD-201710-729; data_sources: ['cve', 'nvd'] → ['cnnvd', 'cve', 'nvd']
查看详细变更
- vulnerability_type: 未提取 -> 授权问题
- cnnvd_id: 未提取 -> CNNVD-201710-729
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
v2
NVD
2025-11-11 15:43:10
severity: SeverityLevel.MEDIUM → SeverityLevel.HIGH; cvss_score: 未提取 → 7.5; cvss_vector: NOT_EXTRACTED → CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H; cvss_version: NOT_EXTRACTED → 3.1; affected_products_count: 4 → 54; data_sources: ['cve'] → ['cve', 'nvd']
查看详细变更
- severity: SeverityLevel.MEDIUM -> SeverityLevel.HIGH
- cvss_score: 未提取 -> 7.5
- cvss_vector: NOT_EXTRACTED -> CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
- cvss_version: NOT_EXTRACTED -> 3.1
- affected_products_count: 4 -> 54
- data_sources: ['cve'] -> ['cve', 'nvd']