Search

Find a vulnerability

Search criteria

    18 vulnerabilities found for icedtea by redhat

    CVE-2017-3544 (GCVE-0-2017-3544)

    Vulnerability from nvd – Published: 2017-04-24 19:00 – Updated: 2024-10-07 16:12
    VLAI
    Summary
    Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SMTP to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Difficult to exploit vulnerability allows unauthenticated attacker with network access via SMTP to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data.
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2017:1221 vendor-advisoryx_refsource_REDHAT
    https://security.gentoo.org/glsa/201705-03 vendor-advisoryx_refsource_GENTOO
    http://www.securityfocus.com/bid/97745 vdb-entryx_refsource_BID
    https://access.redhat.com/errata/RHSA-2017:1220 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2017:1117 vendor-advisoryx_refsource_REDHAT
    http://www.oracle.com/technetwork/security-adviso… x_refsource_CONFIRM
    https://access.redhat.com/errata/RHSA-2017:1109 vendor-advisoryx_refsource_REDHAT
    https://source.android.com/security/bulletin/2017-07-01 x_refsource_CONFIRM
    http://www.securitytracker.com/id/1038286 vdb-entryx_refsource_SECTRACK
    http://www.debian.org/security/2017/dsa-3858 vendor-advisoryx_refsource_DEBIAN
    https://access.redhat.com/errata/RHSA-2017:1108 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2017:1204 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2017:1118 vendor-advisoryx_refsource_REDHAT
    https://security.gentoo.org/glsa/201707-01 vendor-advisoryx_refsource_GENTOO
    https://access.redhat.com/errata/RHSA-2017:1222 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2017:3453 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2017:1119 vendor-advisoryx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Oracle Corporation Java Affected: Java SE: 6u141
    Affected: 7u131
    Affected: 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13
    Create a notification for this product.
    Date Public
    2017-04-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:30:57.962Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2017:1221",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:1221"
              },
              {
                "name": "GLSA-201705-03",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201705-03"
              },
              {
                "name": "97745",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/97745"
              },
              {
                "name": "RHSA-2017:1220",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:1220"
              },
              {
                "name": "RHSA-2017:1117",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:1117"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
              },
              {
                "name": "RHSA-2017:1109",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:1109"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://source.android.com/security/bulletin/2017-07-01"
              },
              {
                "name": "1038286",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038286"
              },
              {
                "name": "DSA-3858",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2017/dsa-3858"
              },
              {
                "name": "RHSA-2017:1108",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:1108"
              },
              {
                "name": "RHSA-2017:1204",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:1204"
              },
              {
                "name": "RHSA-2017:1118",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:1118"
              },
              {
                "name": "GLSA-201707-01",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201707-01"
              },
              {
                "name": "RHSA-2017:1222",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:1222"
              },
              {
                "name": "RHSA-2017:3453",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:3453"
              },
              {
                "name": "RHSA-2017:1119",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:1119"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2017-3544",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-07T15:44:53.644619Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-07T16:12:23.501Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Java",
              "vendor": "Oracle Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Java SE: 6u141"
                },
                {
                  "status": "affected",
                  "version": "7u131"
                },
                {
                  "status": "affected",
                  "version": "8u121; Java SE Embedded: 8u121; JRockit: R28.3.13"
                }
              ]
            }
          ],
          "datePublic": "2017-04-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SMTP to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via SMTP to compromise Java SE, Java SE Embedded, JRockit.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-04T19:57:01.000Z",
            "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
            "shortName": "oracle"
          },
          "references": [
            {
              "name": "RHSA-2017:1221",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1221"
            },
            {
              "name": "GLSA-201705-03",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201705-03"
            },
            {
              "name": "97745",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/97745"
            },
            {
              "name": "RHSA-2017:1220",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1220"
            },
            {
              "name": "RHSA-2017:1117",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1117"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
            },
            {
              "name": "RHSA-2017:1109",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1109"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://source.android.com/security/bulletin/2017-07-01"
            },
            {
              "name": "1038286",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038286"
            },
            {
              "name": "DSA-3858",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2017/dsa-3858"
            },
            {
              "name": "RHSA-2017:1108",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1108"
            },
            {
              "name": "RHSA-2017:1204",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1204"
            },
            {
              "name": "RHSA-2017:1118",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1118"
            },
            {
              "name": "GLSA-201707-01",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201707-01"
            },
            {
              "name": "RHSA-2017:1222",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1222"
            },
            {
              "name": "RHSA-2017:3453",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:3453"
            },
            {
              "name": "RHSA-2017:1119",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1119"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert_us@oracle.com",
              "ID": "CVE-2017-3544",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Java",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "Java SE: 6u141"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7u131"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "8u121; Java SE Embedded: 8u121; JRockit: R28.3.13"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Oracle Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SMTP to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via SMTP to compromise Java SE, Java SE Embedded, JRockit.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "RHSA-2017:1221",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:1221"
                },
                {
                  "name": "GLSA-201705-03",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201705-03"
                },
                {
                  "name": "97745",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/97745"
                },
                {
                  "name": "RHSA-2017:1220",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:1220"
                },
                {
                  "name": "RHSA-2017:1117",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:1117"
                },
                {
                  "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
                },
                {
                  "name": "RHSA-2017:1109",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:1109"
                },
                {
                  "name": "https://source.android.com/security/bulletin/2017-07-01",
                  "refsource": "CONFIRM",
                  "url": "https://source.android.com/security/bulletin/2017-07-01"
                },
                {
                  "name": "1038286",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038286"
                },
                {
                  "name": "DSA-3858",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2017/dsa-3858"
                },
                {
                  "name": "RHSA-2017:1108",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:1108"
                },
                {
                  "name": "RHSA-2017:1204",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:1204"
                },
                {
                  "name": "RHSA-2017:1118",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:1118"
                },
                {
                  "name": "GLSA-201707-01",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201707-01"
                },
                {
                  "name": "RHSA-2017:1222",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:1222"
                },
                {
                  "name": "RHSA-2017:3453",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:3453"
                },
                {
                  "name": "RHSA-2017:1119",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:1119"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "assignerShortName": "oracle",
        "cveId": "CVE-2017-3544",
        "datePublished": "2017-04-24T19:00:00.000Z",
        "dateReserved": "2016-12-06T00:00:00.000Z",
        "dateUpdated": "2024-10-07T16:12:23.501Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-3539 (GCVE-0-2017-3539)

    Vulnerability from nvd – Published: 2017-04-24 19:00 – Updated: 2024-10-07 16:12
    VLAI
    Summary
    Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data.
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2017:1221 vendor-advisoryx_refsource_REDHAT
    https://security.gentoo.org/glsa/201705-03 vendor-advisoryx_refsource_GENTOO
    http://www.securityfocus.com/bid/97752 vdb-entryx_refsource_BID
    https://access.redhat.com/errata/RHSA-2017:1220 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2017:1117 vendor-advisoryx_refsource_REDHAT
    http://www.oracle.com/technetwork/security-adviso… x_refsource_CONFIRM
    https://access.redhat.com/errata/RHSA-2017:1109 vendor-advisoryx_refsource_REDHAT
    http://www.securitytracker.com/id/1038286 vdb-entryx_refsource_SECTRACK
    http://www.debian.org/security/2017/dsa-3858 vendor-advisoryx_refsource_DEBIAN
    https://access.redhat.com/errata/RHSA-2017:1108 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2017:1204 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2017:1118 vendor-advisoryx_refsource_REDHAT
    https://security.gentoo.org/glsa/201707-01 vendor-advisoryx_refsource_GENTOO
    https://access.redhat.com/errata/RHSA-2017:1222 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2017:3453 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2017:1119 vendor-advisoryx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Oracle Corporation Java Affected: Java SE: 6u141
    Affected: 7u131
    Affected: 8u121; Java SE Embedded: 8u121
    Create a notification for this product.
    Date Public
    2017-04-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:30:58.100Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2017:1221",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:1221"
              },
              {
                "name": "GLSA-201705-03",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201705-03"
              },
              {
                "name": "97752",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/97752"
              },
              {
                "name": "RHSA-2017:1220",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:1220"
              },
              {
                "name": "RHSA-2017:1117",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:1117"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
              },
              {
                "name": "RHSA-2017:1109",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:1109"
              },
              {
                "name": "1038286",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038286"
              },
              {
                "name": "DSA-3858",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2017/dsa-3858"
              },
              {
                "name": "RHSA-2017:1108",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:1108"
              },
              {
                "name": "RHSA-2017:1204",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:1204"
              },
              {
                "name": "RHSA-2017:1118",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:1118"
              },
              {
                "name": "GLSA-201707-01",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201707-01"
              },
              {
                "name": "RHSA-2017:1222",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:1222"
              },
              {
                "name": "RHSA-2017:3453",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:3453"
              },
              {
                "name": "RHSA-2017:1119",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:1119"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2017-3539",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-07T15:44:55.407374Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-07T16:12:30.341Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Java",
              "vendor": "Oracle Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Java SE: 6u141"
                },
                {
                  "status": "affected",
                  "version": "7u131"
                },
                {
                  "status": "affected",
                  "version": "8u121; Java SE Embedded: 8u121"
                }
              ]
            }
          ],
          "datePublic": "2017-04-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.  Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-04T19:57:01.000Z",
            "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
            "shortName": "oracle"
          },
          "references": [
            {
              "name": "RHSA-2017:1221",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1221"
            },
            {
              "name": "GLSA-201705-03",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201705-03"
            },
            {
              "name": "97752",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/97752"
            },
            {
              "name": "RHSA-2017:1220",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1220"
            },
            {
              "name": "RHSA-2017:1117",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1117"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
            },
            {
              "name": "RHSA-2017:1109",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1109"
            },
            {
              "name": "1038286",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038286"
            },
            {
              "name": "DSA-3858",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2017/dsa-3858"
            },
            {
              "name": "RHSA-2017:1108",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1108"
            },
            {
              "name": "RHSA-2017:1204",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1204"
            },
            {
              "name": "RHSA-2017:1118",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1118"
            },
            {
              "name": "GLSA-201707-01",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201707-01"
            },
            {
              "name": "RHSA-2017:1222",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1222"
            },
            {
              "name": "RHSA-2017:3453",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:3453"
            },
            {
              "name": "RHSA-2017:1119",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1119"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert_us@oracle.com",
              "ID": "CVE-2017-3539",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Java",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "Java SE: 6u141"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7u131"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "8u121; Java SE Embedded: 8u121"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Oracle Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.  Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "RHSA-2017:1221",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:1221"
                },
                {
                  "name": "GLSA-201705-03",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201705-03"
                },
                {
                  "name": "97752",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/97752"
                },
                {
                  "name": "RHSA-2017:1220",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:1220"
                },
                {
                  "name": "RHSA-2017:1117",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:1117"
                },
                {
                  "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
                },
                {
                  "name": "RHSA-2017:1109",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:1109"
                },
                {
                  "name": "1038286",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038286"
                },
                {
                  "name": "DSA-3858",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2017/dsa-3858"
                },
                {
                  "name": "RHSA-2017:1108",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:1108"
                },
                {
                  "name": "RHSA-2017:1204",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:1204"
                },
                {
                  "name": "RHSA-2017:1118",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:1118"
                },
                {
                  "name": "GLSA-201707-01",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201707-01"
                },
                {
                  "name": "RHSA-2017:1222",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:1222"
                },
                {
                  "name": "RHSA-2017:3453",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:3453"
                },
                {
                  "name": "RHSA-2017:1119",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:1119"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "assignerShortName": "oracle",
        "cveId": "CVE-2017-3539",
        "datePublished": "2017-04-24T19:00:00.000Z",
        "dateReserved": "2016-12-06T00:00:00.000Z",
        "dateUpdated": "2024-10-07T16:12:30.341Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-3533 (GCVE-0-2017-3533)

    Vulnerability from nvd – Published: 2017-04-24 19:00 – Updated: 2024-10-07 16:13
    VLAI
    Summary
    Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via FTP to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Difficult to exploit vulnerability allows unauthenticated attacker with network access via FTP to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data.
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2017:1221 vendor-advisoryx_refsource_REDHAT
    https://security.gentoo.org/glsa/201705-03 vendor-advisoryx_refsource_GENTOO
    https://access.redhat.com/errata/RHSA-2017:1220 vendor-advisoryx_refsource_REDHAT
    http://www.securityfocus.com/bid/97740 vdb-entryx_refsource_BID
    https://access.redhat.com/errata/RHSA-2017:1117 vendor-advisoryx_refsource_REDHAT
    http://www.oracle.com/technetwork/security-adviso… x_refsource_CONFIRM
    https://access.redhat.com/errata/RHSA-2017:1109 vendor-advisoryx_refsource_REDHAT
    http://www.securitytracker.com/id/1038286 vdb-entryx_refsource_SECTRACK
    http://www.debian.org/security/2017/dsa-3858 vendor-advisoryx_refsource_DEBIAN
    https://access.redhat.com/errata/RHSA-2017:1108 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2017:1204 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2017:1118 vendor-advisoryx_refsource_REDHAT
    https://security.gentoo.org/glsa/201707-01 vendor-advisoryx_refsource_GENTOO
    https://access.redhat.com/errata/RHSA-2017:1222 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2017:3453 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2017:1119 vendor-advisoryx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Oracle Corporation Java Affected: Java SE: 6u141
    Affected: 7u131
    Affected: 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13
    Create a notification for this product.
    Date Public
    2017-04-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:30:58.127Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2017:1221",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:1221"
              },
              {
                "name": "GLSA-201705-03",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201705-03"
              },
              {
                "name": "RHSA-2017:1220",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:1220"
              },
              {
                "name": "97740",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/97740"
              },
              {
                "name": "RHSA-2017:1117",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:1117"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
              },
              {
                "name": "RHSA-2017:1109",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:1109"
              },
              {
                "name": "1038286",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038286"
              },
              {
                "name": "DSA-3858",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2017/dsa-3858"
              },
              {
                "name": "RHSA-2017:1108",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:1108"
              },
              {
                "name": "RHSA-2017:1204",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:1204"
              },
              {
                "name": "RHSA-2017:1118",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:1118"
              },
              {
                "name": "GLSA-201707-01",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201707-01"
              },
              {
                "name": "RHSA-2017:1222",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:1222"
              },
              {
                "name": "RHSA-2017:3453",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:3453"
              },
              {
                "name": "RHSA-2017:1119",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:1119"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2017-3533",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-07T15:45:02.988993Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-07T16:13:05.805Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Java",
              "vendor": "Oracle Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Java SE: 6u141"
                },
                {
                  "status": "affected",
                  "version": "7u131"
                },
                {
                  "status": "affected",
                  "version": "8u121; Java SE Embedded: 8u121; JRockit: R28.3.13"
                }
              ]
            }
          ],
          "datePublic": "2017-04-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via FTP to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via FTP to compromise Java SE, Java SE Embedded, JRockit.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-04T19:57:01.000Z",
            "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
            "shortName": "oracle"
          },
          "references": [
            {
              "name": "RHSA-2017:1221",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1221"
            },
            {
              "name": "GLSA-201705-03",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201705-03"
            },
            {
              "name": "RHSA-2017:1220",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1220"
            },
            {
              "name": "97740",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/97740"
            },
            {
              "name": "RHSA-2017:1117",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1117"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
            },
            {
              "name": "RHSA-2017:1109",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1109"
            },
            {
              "name": "1038286",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038286"
            },
            {
              "name": "DSA-3858",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2017/dsa-3858"
            },
            {
              "name": "RHSA-2017:1108",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1108"
            },
            {
              "name": "RHSA-2017:1204",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1204"
            },
            {
              "name": "RHSA-2017:1118",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1118"
            },
            {
              "name": "GLSA-201707-01",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201707-01"
            },
            {
              "name": "RHSA-2017:1222",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1222"
            },
            {
              "name": "RHSA-2017:3453",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:3453"
            },
            {
              "name": "RHSA-2017:1119",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1119"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert_us@oracle.com",
              "ID": "CVE-2017-3533",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Java",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "Java SE: 6u141"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7u131"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "8u121; Java SE Embedded: 8u121; JRockit: R28.3.13"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Oracle Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via FTP to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via FTP to compromise Java SE, Java SE Embedded, JRockit.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "RHSA-2017:1221",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:1221"
                },
                {
                  "name": "GLSA-201705-03",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201705-03"
                },
                {
                  "name": "RHSA-2017:1220",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:1220"
                },
                {
                  "name": "97740",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/97740"
                },
                {
                  "name": "RHSA-2017:1117",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:1117"
                },
                {
                  "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
                },
                {
                  "name": "RHSA-2017:1109",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:1109"
                },
                {
                  "name": "1038286",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038286"
                },
                {
                  "name": "DSA-3858",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2017/dsa-3858"
                },
                {
                  "name": "RHSA-2017:1108",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:1108"
                },
                {
                  "name": "RHSA-2017:1204",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:1204"
                },
                {
                  "name": "RHSA-2017:1118",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:1118"
                },
                {
                  "name": "GLSA-201707-01",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201707-01"
                },
                {
                  "name": "RHSA-2017:1222",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:1222"
                },
                {
                  "name": "RHSA-2017:3453",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:3453"
                },
                {
                  "name": "RHSA-2017:1119",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:1119"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "assignerShortName": "oracle",
        "cveId": "CVE-2017-3533",
        "datePublished": "2017-04-24T19:00:00.000Z",
        "dateReserved": "2016-12-06T00:00:00.000Z",
        "dateUpdated": "2024-10-07T16:13:05.805Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-3512 (GCVE-0-2017-3512)

    Vulnerability from nvd – Published: 2017-04-24 19:00 – Updated: 2024-10-04 19:25
    VLAI
    Summary
    Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 7u131 and 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE.
    Assigner
    References
    URL Tags
    https://security.gentoo.org/glsa/201705-03 vendor-advisoryx_refsource_GENTOO
    http://www.securityfocus.com/bid/97727 vdb-entryx_refsource_BID
    http://www.oracle.com/technetwork/security-adviso… x_refsource_CONFIRM
    http://www.securitytracker.com/id/1038286 vdb-entryx_refsource_SECTRACK
    https://security.gentoo.org/glsa/201707-01 vendor-advisoryx_refsource_GENTOO
    Impacted products
    Vendor Product Version
    Oracle Corporation Java Affected: Java SE: 7u131
    Affected: 8u121
    Create a notification for this product.
    Date Public
    2017-04-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:30:57.616Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "GLSA-201705-03",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201705-03"
              },
              {
                "name": "97727",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/97727"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
              },
              {
                "name": "1038286",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038286"
              },
              {
                "name": "GLSA-201707-01",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201707-01"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2017-3512",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-04T16:22:49.275430Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-04T19:25:40.656Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Java",
              "vendor": "Oracle Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Java SE: 7u131"
                },
                {
                  "status": "affected",
                  "version": "8u121"
                }
              ]
            }
          ],
          "datePublic": "2017-04-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 7u131 and 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T09:57:01.000Z",
            "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
            "shortName": "oracle"
          },
          "references": [
            {
              "name": "GLSA-201705-03",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201705-03"
            },
            {
              "name": "97727",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/97727"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
            },
            {
              "name": "1038286",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038286"
            },
            {
              "name": "GLSA-201707-01",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201707-01"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert_us@oracle.com",
              "ID": "CVE-2017-3512",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Java",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "Java SE: 7u131"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "8u121"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Oracle Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 7u131 and 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "GLSA-201705-03",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201705-03"
                },
                {
                  "name": "97727",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/97727"
                },
                {
                  "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
                },
                {
                  "name": "1038286",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038286"
                },
                {
                  "name": "GLSA-201707-01",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201707-01"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "assignerShortName": "oracle",
        "cveId": "CVE-2017-3512",
        "datePublished": "2017-04-24T19:00:00.000Z",
        "dateReserved": "2016-12-06T00:00:00.000Z",
        "dateUpdated": "2024-10-04T19:25:40.656Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-5235 (GCVE-0-2015-5235)

    Vulnerability from nvd – Published: 2015-10-09 14:00 – Updated: 2024-08-06 06:41
    VLAI
    Summary
    IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly determine the origin of unsigned applets, which allows remote attackers to bypass the approval process or trick users into approving applet execution via a crafted web page.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2015-09-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T06:41:08.683Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "USN-2817-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2817-1"
              },
              {
                "name": "openSUSE-SU-2015:1595",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00019.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1233697"
              },
              {
                "name": "FEDORA-2015-15676",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167120.html"
              },
              {
                "name": "1033780",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1033780"
              },
              {
                "name": "[distro-pkg-dev] 20150911 IcedTea-Web 1.6.1 and 1.5.3 released",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2015-September/033546.html"
              },
              {
                "name": "RHSA-2016:0778",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-0778.html"
              },
              {
                "name": "FEDORA-2015-15677",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167130.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-09-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly determine the origin of unsigned applets, which allows remote attackers to bypass the approval process or trick users into approving applet execution via a crafted web page."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-12-06T18:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "USN-2817-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2817-1"
            },
            {
              "name": "openSUSE-SU-2015:1595",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00019.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1233697"
            },
            {
              "name": "FEDORA-2015-15676",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167120.html"
            },
            {
              "name": "1033780",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1033780"
            },
            {
              "name": "[distro-pkg-dev] 20150911 IcedTea-Web 1.6.1 and 1.5.3 released",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2015-September/033546.html"
            },
            {
              "name": "RHSA-2016:0778",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0778.html"
            },
            {
              "name": "FEDORA-2015-15677",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167130.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2015-5235",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly determine the origin of unsigned applets, which allows remote attackers to bypass the approval process or trick users into approving applet execution via a crafted web page."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "USN-2817-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2817-1"
                },
                {
                  "name": "openSUSE-SU-2015:1595",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00019.html"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1233697",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1233697"
                },
                {
                  "name": "FEDORA-2015-15676",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167120.html"
                },
                {
                  "name": "1033780",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1033780"
                },
                {
                  "name": "[distro-pkg-dev] 20150911 IcedTea-Web 1.6.1 and 1.5.3 released",
                  "refsource": "MLIST",
                  "url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2015-September/033546.html"
                },
                {
                  "name": "RHSA-2016:0778",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2016-0778.html"
                },
                {
                  "name": "FEDORA-2015-15677",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167130.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2015-5235",
        "datePublished": "2015-10-09T14:00:00.000Z",
        "dateReserved": "2015-07-01T00:00:00.000Z",
        "dateUpdated": "2024-08-06T06:41:08.683Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-5234 (GCVE-0-2015-5234)

    Vulnerability from nvd – Published: 2015-10-09 14:00 – Updated: 2024-08-06 06:41
    VLAI
    Summary
    IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly sanitize applet URLs, which allows remote attackers to inject applets into the .appletTrustSettings configuration file and bypass user approval to execute the applet via a crafted web page, possibly related to line breaks.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2015-09-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T06:41:08.613Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "USN-2817-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2817-1"
              },
              {
                "name": "openSUSE-SU-2015:1595",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00019.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
              },
              {
                "name": "FEDORA-2015-15676",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167120.html"
              },
              {
                "name": "1033780",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1033780"
              },
              {
                "name": "[distro-pkg-dev] 20150911 IcedTea-Web 1.6.1 and 1.5.3 released",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2015-September/033546.html"
              },
              {
                "name": "RHSA-2016:0778",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-0778.html"
              },
              {
                "name": "FEDORA-2015-15677",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167130.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1233667"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-09-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly sanitize applet URLs, which allows remote attackers to inject applets into the .appletTrustSettings configuration file and bypass user approval to execute the applet via a crafted web page, possibly related to line breaks."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-12-06T18:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "USN-2817-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2817-1"
            },
            {
              "name": "openSUSE-SU-2015:1595",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00019.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
            },
            {
              "name": "FEDORA-2015-15676",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167120.html"
            },
            {
              "name": "1033780",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1033780"
            },
            {
              "name": "[distro-pkg-dev] 20150911 IcedTea-Web 1.6.1 and 1.5.3 released",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2015-September/033546.html"
            },
            {
              "name": "RHSA-2016:0778",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0778.html"
            },
            {
              "name": "FEDORA-2015-15677",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167130.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1233667"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2015-5234",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly sanitize applet URLs, which allows remote attackers to inject applets into the .appletTrustSettings configuration file and bypass user approval to execute the applet via a crafted web page, possibly related to line breaks."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "USN-2817-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2817-1"
                },
                {
                  "name": "openSUSE-SU-2015:1595",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00019.html"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
                },
                {
                  "name": "FEDORA-2015-15676",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167120.html"
                },
                {
                  "name": "1033780",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1033780"
                },
                {
                  "name": "[distro-pkg-dev] 20150911 IcedTea-Web 1.6.1 and 1.5.3 released",
                  "refsource": "MLIST",
                  "url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2015-September/033546.html"
                },
                {
                  "name": "RHSA-2016:0778",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2016-0778.html"
                },
                {
                  "name": "FEDORA-2015-15677",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167130.html"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1233667",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1233667"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2015-5234",
        "datePublished": "2015-10-09T14:00:00.000Z",
        "dateReserved": "2015-07-01T00:00:00.000Z",
        "dateUpdated": "2024-08-06T06:41:08.613Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-0025 (GCVE-0-2011-0025)

    Vulnerability from nvd – Published: 2011-02-04 19:00 – Updated: 2024-08-06 21:43
    VLAI
    Summary
    IcedTea 1.7 before 1.7.8, 1.8 before 1.8.5, and 1.9 before 1.9.5 does not properly verify signatures for JAR files that (1) are "partially signed" or (2) signed by multiple entities, which allows remote attackers to trick users into executing code that appears to come from a trusted source.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/46110 vdb-entryx_refsource_BID
    http://www.ubuntu.com/usn/USN-1055-1 vendor-advisoryx_refsource_UBUNTU
    http://security.gentoo.org/glsa/glsa-201406-32.xml vendor-advisoryx_refsource_GENTOO
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.debian.org/security/2011/dsa-2224 vendor-advisoryx_refsource_DEBIAN
    http://secunia.com/advisories/43135 third-party-advisoryx_refsource_SECUNIA
    http://icedtea.classpath.org/hg/release/icedtea-w… x_refsource_MISC
    http://blog.fuseyism.com/index.php/2011/02/01/sec… x_refsource_CONFIRM
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    Date Public
    2011-02-01 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T21:43:13.999Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "46110",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/46110"
              },
              {
                "name": "USN-1055-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-1055-1"
              },
              {
                "name": "GLSA-201406-32",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
              },
              {
                "name": "icedtea-jar-security-bypass(65151)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65151"
              },
              {
                "name": "DSA-2224",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2011/dsa-2224"
              },
              {
                "name": "43135",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/43135"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.0?cmd=changeset%3Bnode=3bd328e4b515"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://blog.fuseyism.com/index.php/2011/02/01/security-icedtea6-178-185-195-released/"
              },
              {
                "name": "MDVSA-2011:054",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:054"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-02-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IcedTea 1.7 before 1.7.8, 1.8 before 1.8.5, and 1.9 before 1.9.5 does not properly verify signatures for JAR files that (1) are \"partially signed\" or (2) signed by multiple entities, which allows remote attackers to trick users into executing code that appears to come from a trusted source."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "46110",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/46110"
            },
            {
              "name": "USN-1055-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-1055-1"
            },
            {
              "name": "GLSA-201406-32",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
            },
            {
              "name": "icedtea-jar-security-bypass(65151)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65151"
            },
            {
              "name": "DSA-2224",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2011/dsa-2224"
            },
            {
              "name": "43135",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/43135"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.0?cmd=changeset%3Bnode=3bd328e4b515"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://blog.fuseyism.com/index.php/2011/02/01/security-icedtea6-178-185-195-released/"
            },
            {
              "name": "MDVSA-2011:054",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:054"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2011-0025",
        "datePublished": "2011-02-04T19:00:00.000Z",
        "dateReserved": "2010-12-07T00:00:00.000Z",
        "dateUpdated": "2024-08-06T21:43:13.999Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-4351 (GCVE-0-2010-4351)

    Vulnerability from nvd – Published: 2011-01-20 18:00 – Updated: 2024-08-07 03:43
    VLAI
    Summary
    The JNLP SecurityManager in IcedTea (IcedTea.so) 1.7 before 1.7.7, 1.8 before 1.8.4, and 1.9 before 1.9.4 for Java OpenJDK returns from the checkPermission method instead of throwing an exception in certain circumstances, which might allow context-dependent attackers to bypass the intended security policy by creating instances of ClassLoader.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://blog.fuseyism.com/index.php/2011/01/18/sec… x_refsource_CONFIRM
    http://www.ubuntu.com/usn/USN-1055-1 vendor-advisoryx_refsource_UBUNTU
    http://security.gentoo.org/glsa/glsa-201406-32.xml vendor-advisoryx_refsource_GENTOO
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://www.securityfocus.com/bid/45894 vdb-entryx_refsource_BID
    http://secunia.com/advisories/43085 third-party-advisoryx_refsource_SECUNIA
    http://www.ubuntu.com/usn/USN-1052-1 vendor-advisoryx_refsource_UBUNTU
    http://www.vupen.com/english/advisories/2011/0215 vdb-entryx_refsource_VUPEN
    http://osvdb.org/70605 vdb-entryx_refsource_OSVDB
    http://www.vupen.com/english/advisories/2011/0239 vdb-entryx_refsource_VUPEN
    http://www.zerodayinitiative.com/advisories/ZDI-11-014/ x_refsource_MISC
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://secunia.com/advisories/43002 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2011/0165 vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/43078 third-party-advisoryx_refsource_SECUNIA
    http://www.debian.org/security/2011/dsa-2224 vendor-advisoryx_refsource_DEBIAN
    http://secunia.com/advisories/43135 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2011/0166 vdb-entryx_refsource_VUPEN
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    https://bugzilla.redhat.com/show_bug.cgi?id=663680 x_refsource_CONFIRM
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    http://www.redhat.com/support/errata/RHSA-2011-01… vendor-advisoryx_refsource_REDHAT
    Date Public
    2011-01-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T03:43:14.673Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://blog.fuseyism.com/index.php/2011/01/18/security-icedtea6-177-184-194-released/"
              },
              {
                "name": "USN-1055-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-1055-1"
              },
              {
                "name": "GLSA-201406-32",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
              },
              {
                "name": "FEDORA-2011-0521",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053276.html"
              },
              {
                "name": "45894",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/45894"
              },
              {
                "name": "43085",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/43085"
              },
              {
                "name": "USN-1052-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-1052-1"
              },
              {
                "name": "ADV-2011-0215",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2011/0215"
              },
              {
                "name": "70605",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/70605"
              },
              {
                "name": "ADV-2011-0239",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2011/0239"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-014/"
              },
              {
                "name": "FEDORA-2011-0500",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053288.html"
              },
              {
                "name": "43002",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/43002"
              },
              {
                "name": "ADV-2011-0165",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2011/0165"
              },
              {
                "name": "43078",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/43078"
              },
              {
                "name": "DSA-2224",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2011/dsa-2224"
              },
              {
                "name": "43135",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/43135"
              },
              {
                "name": "ADV-2011-0166",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2011/0166"
              },
              {
                "name": "icedtea-jnlp-code-execution(64893)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64893"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=663680"
              },
              {
                "name": "MDVSA-2011:054",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:054"
              },
              {
                "name": "RHSA-2011:0176",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2011-0176.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-01-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The JNLP SecurityManager in IcedTea (IcedTea.so) 1.7 before 1.7.7, 1.8 before 1.8.4, and 1.9 before 1.9.4 for Java OpenJDK returns from the checkPermission method instead of throwing an exception in certain circumstances, which might allow context-dependent attackers to bypass the intended security policy by creating instances of ClassLoader."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://blog.fuseyism.com/index.php/2011/01/18/security-icedtea6-177-184-194-released/"
            },
            {
              "name": "USN-1055-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-1055-1"
            },
            {
              "name": "GLSA-201406-32",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
            },
            {
              "name": "FEDORA-2011-0521",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053276.html"
            },
            {
              "name": "45894",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/45894"
            },
            {
              "name": "43085",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/43085"
            },
            {
              "name": "USN-1052-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-1052-1"
            },
            {
              "name": "ADV-2011-0215",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0215"
            },
            {
              "name": "70605",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/70605"
            },
            {
              "name": "ADV-2011-0239",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0239"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-014/"
            },
            {
              "name": "FEDORA-2011-0500",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053288.html"
            },
            {
              "name": "43002",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/43002"
            },
            {
              "name": "ADV-2011-0165",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0165"
            },
            {
              "name": "43078",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/43078"
            },
            {
              "name": "DSA-2224",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2011/dsa-2224"
            },
            {
              "name": "43135",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/43135"
            },
            {
              "name": "ADV-2011-0166",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0166"
            },
            {
              "name": "icedtea-jnlp-code-execution(64893)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64893"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=663680"
            },
            {
              "name": "MDVSA-2011:054",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:054"
            },
            {
              "name": "RHSA-2011:0176",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2011-0176.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2010-4351",
        "datePublished": "2011-01-20T18:00:00.000Z",
        "dateReserved": "2010-11-30T00:00:00.000Z",
        "dateUpdated": "2024-08-07T03:43:14.673Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-3860 (GCVE-0-2010-3860)

    Vulnerability from nvd – Published: 2010-12-08 19:00 – Updated: 2024-08-07 03:26
    VLAI
    Summary
    IcedTea 1.7.x before 1.7.6, 1.8.x before 1.8.3, and 1.9.x before 1.9.2, as based on OpenJDK 6, declares multiple sensitive variables as public, which allows remote attackers to obtain sensitive information including (1) user.name, (2) user.home, and (3) java.home system properties, and other sensitive information such as installation directories.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://security.gentoo.org/glsa/glsa-201406-32.xml vendor-advisoryx_refsource_GENTOO
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://secunia.com/advisories/43085 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2011/0215 vdb-entryx_refsource_VUPEN
    http://www.ubuntu.com/usn/USN-1024-1 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://secunia.com/advisories/42412 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2010/3090 vdb-entryx_refsource_VUPEN
    http://blog.fuseyism.com/index.php/2010/11/24/ice… x_refsource_CONFIRM
    http://www.vupen.com/english/advisories/2010/3108 vdb-entryx_refsource_VUPEN
    https://bugzilla.redhat.com/show_bug.cgi?id=645843 x_refsource_CONFIRM
    http://secunia.com/advisories/42417 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/45114 vdb-entryx_refsource_BID
    http://icedtea.classpath.org/hg/release/icedtea6-… x_refsource_CONFIRM
    http://www.redhat.com/support/errata/RHSA-2011-01… vendor-advisoryx_refsource_REDHAT
    Date Public
    2010-11-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T03:26:12.234Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "GLSA-201406-32",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
              },
              {
                "name": "FEDORA-2010-18393",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051711.html"
              },
              {
                "name": "43085",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/43085"
              },
              {
                "name": "ADV-2011-0215",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2011/0215"
              },
              {
                "name": "USN-1024-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-1024-1"
              },
              {
                "name": "SUSE-SR:2010:023",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html"
              },
              {
                "name": "42412",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/42412"
              },
              {
                "name": "ADV-2010-3090",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2010/3090"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://blog.fuseyism.com/index.php/2010/11/24/icedtea6-176-183-and-192-released/"
              },
              {
                "name": "ADV-2010-3108",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2010/3108"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=645843"
              },
              {
                "name": "42417",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/42417"
              },
              {
                "name": "45114",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/45114"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://icedtea.classpath.org/hg/release/icedtea6-1.9/rev/9aa0018d8c28"
              },
              {
                "name": "RHSA-2011:0176",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2011-0176.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2010-11-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IcedTea 1.7.x before 1.7.6, 1.8.x before 1.8.3, and 1.9.x before 1.9.2, as based on OpenJDK 6, declares multiple sensitive variables as public, which allows remote attackers to obtain sensitive information including (1) user.name, (2) user.home, and (3) java.home system properties, and other sensitive information such as installation directories."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-10-02T13:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "GLSA-201406-32",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
            },
            {
              "name": "FEDORA-2010-18393",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051711.html"
            },
            {
              "name": "43085",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/43085"
            },
            {
              "name": "ADV-2011-0215",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0215"
            },
            {
              "name": "USN-1024-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-1024-1"
            },
            {
              "name": "SUSE-SR:2010:023",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html"
            },
            {
              "name": "42412",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/42412"
            },
            {
              "name": "ADV-2010-3090",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2010/3090"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://blog.fuseyism.com/index.php/2010/11/24/icedtea6-176-183-and-192-released/"
            },
            {
              "name": "ADV-2010-3108",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2010/3108"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=645843"
            },
            {
              "name": "42417",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/42417"
            },
            {
              "name": "45114",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/45114"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://icedtea.classpath.org/hg/release/icedtea6-1.9/rev/9aa0018d8c28"
            },
            {
              "name": "RHSA-2011:0176",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2011-0176.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2010-3860",
        "datePublished": "2010-12-08T19:00:00.000Z",
        "dateReserved": "2010-10-08T00:00:00.000Z",
        "dateUpdated": "2024-08-07T03:26:12.234Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-3544 (GCVE-0-2017-3544)

    Vulnerability from cvelistv5 – Published: 2017-04-24 19:00 – Updated: 2024-10-07 16:12
    VLAI
    Summary
    Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SMTP to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Difficult to exploit vulnerability allows unauthenticated attacker with network access via SMTP to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data.
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2017:1221 vendor-advisoryx_refsource_REDHAT
    https://security.gentoo.org/glsa/201705-03 vendor-advisoryx_refsource_GENTOO
    http://www.securityfocus.com/bid/97745 vdb-entryx_refsource_BID
    https://access.redhat.com/errata/RHSA-2017:1220 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2017:1117 vendor-advisoryx_refsource_REDHAT
    http://www.oracle.com/technetwork/security-adviso… x_refsource_CONFIRM
    https://access.redhat.com/errata/RHSA-2017:1109 vendor-advisoryx_refsource_REDHAT
    https://source.android.com/security/bulletin/2017-07-01 x_refsource_CONFIRM
    http://www.securitytracker.com/id/1038286 vdb-entryx_refsource_SECTRACK
    http://www.debian.org/security/2017/dsa-3858 vendor-advisoryx_refsource_DEBIAN
    https://access.redhat.com/errata/RHSA-2017:1108 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2017:1204 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2017:1118 vendor-advisoryx_refsource_REDHAT
    https://security.gentoo.org/glsa/201707-01 vendor-advisoryx_refsource_GENTOO
    https://access.redhat.com/errata/RHSA-2017:1222 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2017:3453 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2017:1119 vendor-advisoryx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Oracle Corporation Java Affected: Java SE: 6u141
    Affected: 7u131
    Affected: 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13
    Create a notification for this product.
    Date Public
    2017-04-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:30:57.962Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2017:1221",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:1221"
              },
              {
                "name": "GLSA-201705-03",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201705-03"
              },
              {
                "name": "97745",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/97745"
              },
              {
                "name": "RHSA-2017:1220",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:1220"
              },
              {
                "name": "RHSA-2017:1117",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:1117"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
              },
              {
                "name": "RHSA-2017:1109",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:1109"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://source.android.com/security/bulletin/2017-07-01"
              },
              {
                "name": "1038286",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038286"
              },
              {
                "name": "DSA-3858",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2017/dsa-3858"
              },
              {
                "name": "RHSA-2017:1108",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:1108"
              },
              {
                "name": "RHSA-2017:1204",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:1204"
              },
              {
                "name": "RHSA-2017:1118",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:1118"
              },
              {
                "name": "GLSA-201707-01",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201707-01"
              },
              {
                "name": "RHSA-2017:1222",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:1222"
              },
              {
                "name": "RHSA-2017:3453",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:3453"
              },
              {
                "name": "RHSA-2017:1119",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:1119"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2017-3544",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-07T15:44:53.644619Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-07T16:12:23.501Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Java",
              "vendor": "Oracle Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Java SE: 6u141"
                },
                {
                  "status": "affected",
                  "version": "7u131"
                },
                {
                  "status": "affected",
                  "version": "8u121; Java SE Embedded: 8u121; JRockit: R28.3.13"
                }
              ]
            }
          ],
          "datePublic": "2017-04-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SMTP to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via SMTP to compromise Java SE, Java SE Embedded, JRockit.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-04T19:57:01.000Z",
            "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
            "shortName": "oracle"
          },
          "references": [
            {
              "name": "RHSA-2017:1221",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1221"
            },
            {
              "name": "GLSA-201705-03",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201705-03"
            },
            {
              "name": "97745",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/97745"
            },
            {
              "name": "RHSA-2017:1220",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1220"
            },
            {
              "name": "RHSA-2017:1117",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1117"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
            },
            {
              "name": "RHSA-2017:1109",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1109"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://source.android.com/security/bulletin/2017-07-01"
            },
            {
              "name": "1038286",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038286"
            },
            {
              "name": "DSA-3858",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2017/dsa-3858"
            },
            {
              "name": "RHSA-2017:1108",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1108"
            },
            {
              "name": "RHSA-2017:1204",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1204"
            },
            {
              "name": "RHSA-2017:1118",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1118"
            },
            {
              "name": "GLSA-201707-01",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201707-01"
            },
            {
              "name": "RHSA-2017:1222",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1222"
            },
            {
              "name": "RHSA-2017:3453",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:3453"
            },
            {
              "name": "RHSA-2017:1119",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1119"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert_us@oracle.com",
              "ID": "CVE-2017-3544",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Java",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "Java SE: 6u141"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7u131"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "8u121; Java SE Embedded: 8u121; JRockit: R28.3.13"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Oracle Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SMTP to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via SMTP to compromise Java SE, Java SE Embedded, JRockit.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "RHSA-2017:1221",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:1221"
                },
                {
                  "name": "GLSA-201705-03",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201705-03"
                },
                {
                  "name": "97745",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/97745"
                },
                {
                  "name": "RHSA-2017:1220",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:1220"
                },
                {
                  "name": "RHSA-2017:1117",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:1117"
                },
                {
                  "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
                },
                {
                  "name": "RHSA-2017:1109",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:1109"
                },
                {
                  "name": "https://source.android.com/security/bulletin/2017-07-01",
                  "refsource": "CONFIRM",
                  "url": "https://source.android.com/security/bulletin/2017-07-01"
                },
                {
                  "name": "1038286",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038286"
                },
                {
                  "name": "DSA-3858",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2017/dsa-3858"
                },
                {
                  "name": "RHSA-2017:1108",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:1108"
                },
                {
                  "name": "RHSA-2017:1204",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:1204"
                },
                {
                  "name": "RHSA-2017:1118",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:1118"
                },
                {
                  "name": "GLSA-201707-01",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201707-01"
                },
                {
                  "name": "RHSA-2017:1222",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:1222"
                },
                {
                  "name": "RHSA-2017:3453",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:3453"
                },
                {
                  "name": "RHSA-2017:1119",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:1119"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "assignerShortName": "oracle",
        "cveId": "CVE-2017-3544",
        "datePublished": "2017-04-24T19:00:00.000Z",
        "dateReserved": "2016-12-06T00:00:00.000Z",
        "dateUpdated": "2024-10-07T16:12:23.501Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-3539 (GCVE-0-2017-3539)

    Vulnerability from cvelistv5 – Published: 2017-04-24 19:00 – Updated: 2024-10-07 16:12
    VLAI
    Summary
    Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data.
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2017:1221 vendor-advisoryx_refsource_REDHAT
    https://security.gentoo.org/glsa/201705-03 vendor-advisoryx_refsource_GENTOO
    http://www.securityfocus.com/bid/97752 vdb-entryx_refsource_BID
    https://access.redhat.com/errata/RHSA-2017:1220 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2017:1117 vendor-advisoryx_refsource_REDHAT
    http://www.oracle.com/technetwork/security-adviso… x_refsource_CONFIRM
    https://access.redhat.com/errata/RHSA-2017:1109 vendor-advisoryx_refsource_REDHAT
    http://www.securitytracker.com/id/1038286 vdb-entryx_refsource_SECTRACK
    http://www.debian.org/security/2017/dsa-3858 vendor-advisoryx_refsource_DEBIAN
    https://access.redhat.com/errata/RHSA-2017:1108 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2017:1204 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2017:1118 vendor-advisoryx_refsource_REDHAT
    https://security.gentoo.org/glsa/201707-01 vendor-advisoryx_refsource_GENTOO
    https://access.redhat.com/errata/RHSA-2017:1222 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2017:3453 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2017:1119 vendor-advisoryx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Oracle Corporation Java Affected: Java SE: 6u141
    Affected: 7u131
    Affected: 8u121; Java SE Embedded: 8u121
    Create a notification for this product.
    Date Public
    2017-04-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:30:58.100Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2017:1221",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:1221"
              },
              {
                "name": "GLSA-201705-03",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201705-03"
              },
              {
                "name": "97752",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/97752"
              },
              {
                "name": "RHSA-2017:1220",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:1220"
              },
              {
                "name": "RHSA-2017:1117",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:1117"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
              },
              {
                "name": "RHSA-2017:1109",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:1109"
              },
              {
                "name": "1038286",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038286"
              },
              {
                "name": "DSA-3858",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2017/dsa-3858"
              },
              {
                "name": "RHSA-2017:1108",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:1108"
              },
              {
                "name": "RHSA-2017:1204",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:1204"
              },
              {
                "name": "RHSA-2017:1118",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:1118"
              },
              {
                "name": "GLSA-201707-01",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201707-01"
              },
              {
                "name": "RHSA-2017:1222",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:1222"
              },
              {
                "name": "RHSA-2017:3453",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:3453"
              },
              {
                "name": "RHSA-2017:1119",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:1119"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2017-3539",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-07T15:44:55.407374Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-07T16:12:30.341Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Java",
              "vendor": "Oracle Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Java SE: 6u141"
                },
                {
                  "status": "affected",
                  "version": "7u131"
                },
                {
                  "status": "affected",
                  "version": "8u121; Java SE Embedded: 8u121"
                }
              ]
            }
          ],
          "datePublic": "2017-04-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.  Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-04T19:57:01.000Z",
            "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
            "shortName": "oracle"
          },
          "references": [
            {
              "name": "RHSA-2017:1221",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1221"
            },
            {
              "name": "GLSA-201705-03",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201705-03"
            },
            {
              "name": "97752",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/97752"
            },
            {
              "name": "RHSA-2017:1220",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1220"
            },
            {
              "name": "RHSA-2017:1117",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1117"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
            },
            {
              "name": "RHSA-2017:1109",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1109"
            },
            {
              "name": "1038286",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038286"
            },
            {
              "name": "DSA-3858",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2017/dsa-3858"
            },
            {
              "name": "RHSA-2017:1108",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1108"
            },
            {
              "name": "RHSA-2017:1204",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1204"
            },
            {
              "name": "RHSA-2017:1118",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1118"
            },
            {
              "name": "GLSA-201707-01",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201707-01"
            },
            {
              "name": "RHSA-2017:1222",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1222"
            },
            {
              "name": "RHSA-2017:3453",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:3453"
            },
            {
              "name": "RHSA-2017:1119",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1119"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert_us@oracle.com",
              "ID": "CVE-2017-3539",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Java",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "Java SE: 6u141"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7u131"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "8u121; Java SE Embedded: 8u121"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Oracle Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.  Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "RHSA-2017:1221",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:1221"
                },
                {
                  "name": "GLSA-201705-03",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201705-03"
                },
                {
                  "name": "97752",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/97752"
                },
                {
                  "name": "RHSA-2017:1220",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:1220"
                },
                {
                  "name": "RHSA-2017:1117",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:1117"
                },
                {
                  "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
                },
                {
                  "name": "RHSA-2017:1109",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:1109"
                },
                {
                  "name": "1038286",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038286"
                },
                {
                  "name": "DSA-3858",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2017/dsa-3858"
                },
                {
                  "name": "RHSA-2017:1108",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:1108"
                },
                {
                  "name": "RHSA-2017:1204",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:1204"
                },
                {
                  "name": "RHSA-2017:1118",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:1118"
                },
                {
                  "name": "GLSA-201707-01",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201707-01"
                },
                {
                  "name": "RHSA-2017:1222",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:1222"
                },
                {
                  "name": "RHSA-2017:3453",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:3453"
                },
                {
                  "name": "RHSA-2017:1119",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:1119"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "assignerShortName": "oracle",
        "cveId": "CVE-2017-3539",
        "datePublished": "2017-04-24T19:00:00.000Z",
        "dateReserved": "2016-12-06T00:00:00.000Z",
        "dateUpdated": "2024-10-07T16:12:30.341Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-3533 (GCVE-0-2017-3533)

    Vulnerability from cvelistv5 – Published: 2017-04-24 19:00 – Updated: 2024-10-07 16:13
    VLAI
    Summary
    Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via FTP to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Difficult to exploit vulnerability allows unauthenticated attacker with network access via FTP to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data.
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2017:1221 vendor-advisoryx_refsource_REDHAT
    https://security.gentoo.org/glsa/201705-03 vendor-advisoryx_refsource_GENTOO
    https://access.redhat.com/errata/RHSA-2017:1220 vendor-advisoryx_refsource_REDHAT
    http://www.securityfocus.com/bid/97740 vdb-entryx_refsource_BID
    https://access.redhat.com/errata/RHSA-2017:1117 vendor-advisoryx_refsource_REDHAT
    http://www.oracle.com/technetwork/security-adviso… x_refsource_CONFIRM
    https://access.redhat.com/errata/RHSA-2017:1109 vendor-advisoryx_refsource_REDHAT
    http://www.securitytracker.com/id/1038286 vdb-entryx_refsource_SECTRACK
    http://www.debian.org/security/2017/dsa-3858 vendor-advisoryx_refsource_DEBIAN
    https://access.redhat.com/errata/RHSA-2017:1108 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2017:1204 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2017:1118 vendor-advisoryx_refsource_REDHAT
    https://security.gentoo.org/glsa/201707-01 vendor-advisoryx_refsource_GENTOO
    https://access.redhat.com/errata/RHSA-2017:1222 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2017:3453 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2017:1119 vendor-advisoryx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Oracle Corporation Java Affected: Java SE: 6u141
    Affected: 7u131
    Affected: 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13
    Create a notification for this product.
    Date Public
    2017-04-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:30:58.127Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2017:1221",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:1221"
              },
              {
                "name": "GLSA-201705-03",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201705-03"
              },
              {
                "name": "RHSA-2017:1220",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:1220"
              },
              {
                "name": "97740",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/97740"
              },
              {
                "name": "RHSA-2017:1117",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:1117"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
              },
              {
                "name": "RHSA-2017:1109",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:1109"
              },
              {
                "name": "1038286",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038286"
              },
              {
                "name": "DSA-3858",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2017/dsa-3858"
              },
              {
                "name": "RHSA-2017:1108",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:1108"
              },
              {
                "name": "RHSA-2017:1204",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:1204"
              },
              {
                "name": "RHSA-2017:1118",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:1118"
              },
              {
                "name": "GLSA-201707-01",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201707-01"
              },
              {
                "name": "RHSA-2017:1222",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:1222"
              },
              {
                "name": "RHSA-2017:3453",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:3453"
              },
              {
                "name": "RHSA-2017:1119",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:1119"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2017-3533",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-07T15:45:02.988993Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-07T16:13:05.805Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Java",
              "vendor": "Oracle Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Java SE: 6u141"
                },
                {
                  "status": "affected",
                  "version": "7u131"
                },
                {
                  "status": "affected",
                  "version": "8u121; Java SE Embedded: 8u121; JRockit: R28.3.13"
                }
              ]
            }
          ],
          "datePublic": "2017-04-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via FTP to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via FTP to compromise Java SE, Java SE Embedded, JRockit.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-04T19:57:01.000Z",
            "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
            "shortName": "oracle"
          },
          "references": [
            {
              "name": "RHSA-2017:1221",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1221"
            },
            {
              "name": "GLSA-201705-03",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201705-03"
            },
            {
              "name": "RHSA-2017:1220",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1220"
            },
            {
              "name": "97740",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/97740"
            },
            {
              "name": "RHSA-2017:1117",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1117"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
            },
            {
              "name": "RHSA-2017:1109",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1109"
            },
            {
              "name": "1038286",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038286"
            },
            {
              "name": "DSA-3858",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2017/dsa-3858"
            },
            {
              "name": "RHSA-2017:1108",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1108"
            },
            {
              "name": "RHSA-2017:1204",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1204"
            },
            {
              "name": "RHSA-2017:1118",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1118"
            },
            {
              "name": "GLSA-201707-01",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201707-01"
            },
            {
              "name": "RHSA-2017:1222",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1222"
            },
            {
              "name": "RHSA-2017:3453",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:3453"
            },
            {
              "name": "RHSA-2017:1119",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1119"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert_us@oracle.com",
              "ID": "CVE-2017-3533",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Java",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "Java SE: 6u141"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7u131"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "8u121; Java SE Embedded: 8u121; JRockit: R28.3.13"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Oracle Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via FTP to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via FTP to compromise Java SE, Java SE Embedded, JRockit.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "RHSA-2017:1221",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:1221"
                },
                {
                  "name": "GLSA-201705-03",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201705-03"
                },
                {
                  "name": "RHSA-2017:1220",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:1220"
                },
                {
                  "name": "97740",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/97740"
                },
                {
                  "name": "RHSA-2017:1117",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:1117"
                },
                {
                  "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
                },
                {
                  "name": "RHSA-2017:1109",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:1109"
                },
                {
                  "name": "1038286",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038286"
                },
                {
                  "name": "DSA-3858",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2017/dsa-3858"
                },
                {
                  "name": "RHSA-2017:1108",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:1108"
                },
                {
                  "name": "RHSA-2017:1204",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:1204"
                },
                {
                  "name": "RHSA-2017:1118",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:1118"
                },
                {
                  "name": "GLSA-201707-01",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201707-01"
                },
                {
                  "name": "RHSA-2017:1222",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:1222"
                },
                {
                  "name": "RHSA-2017:3453",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:3453"
                },
                {
                  "name": "RHSA-2017:1119",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:1119"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "assignerShortName": "oracle",
        "cveId": "CVE-2017-3533",
        "datePublished": "2017-04-24T19:00:00.000Z",
        "dateReserved": "2016-12-06T00:00:00.000Z",
        "dateUpdated": "2024-10-07T16:13:05.805Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-3512 (GCVE-0-2017-3512)

    Vulnerability from cvelistv5 – Published: 2017-04-24 19:00 – Updated: 2024-10-04 19:25
    VLAI
    Summary
    Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 7u131 and 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE.
    Assigner
    References
    URL Tags
    https://security.gentoo.org/glsa/201705-03 vendor-advisoryx_refsource_GENTOO
    http://www.securityfocus.com/bid/97727 vdb-entryx_refsource_BID
    http://www.oracle.com/technetwork/security-adviso… x_refsource_CONFIRM
    http://www.securitytracker.com/id/1038286 vdb-entryx_refsource_SECTRACK
    https://security.gentoo.org/glsa/201707-01 vendor-advisoryx_refsource_GENTOO
    Impacted products
    Vendor Product Version
    Oracle Corporation Java Affected: Java SE: 7u131
    Affected: 8u121
    Create a notification for this product.
    Date Public
    2017-04-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:30:57.616Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "GLSA-201705-03",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201705-03"
              },
              {
                "name": "97727",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/97727"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
              },
              {
                "name": "1038286",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038286"
              },
              {
                "name": "GLSA-201707-01",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201707-01"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2017-3512",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-04T16:22:49.275430Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-04T19:25:40.656Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Java",
              "vendor": "Oracle Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Java SE: 7u131"
                },
                {
                  "status": "affected",
                  "version": "8u121"
                }
              ]
            }
          ],
          "datePublic": "2017-04-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 7u131 and 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T09:57:01.000Z",
            "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
            "shortName": "oracle"
          },
          "references": [
            {
              "name": "GLSA-201705-03",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201705-03"
            },
            {
              "name": "97727",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/97727"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
            },
            {
              "name": "1038286",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038286"
            },
            {
              "name": "GLSA-201707-01",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201707-01"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert_us@oracle.com",
              "ID": "CVE-2017-3512",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Java",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "Java SE: 7u131"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "8u121"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Oracle Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 7u131 and 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "GLSA-201705-03",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201705-03"
                },
                {
                  "name": "97727",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/97727"
                },
                {
                  "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
                },
                {
                  "name": "1038286",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038286"
                },
                {
                  "name": "GLSA-201707-01",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201707-01"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "assignerShortName": "oracle",
        "cveId": "CVE-2017-3512",
        "datePublished": "2017-04-24T19:00:00.000Z",
        "dateReserved": "2016-12-06T00:00:00.000Z",
        "dateUpdated": "2024-10-04T19:25:40.656Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-5234 (GCVE-0-2015-5234)

    Vulnerability from cvelistv5 – Published: 2015-10-09 14:00 – Updated: 2024-08-06 06:41
    VLAI
    Summary
    IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly sanitize applet URLs, which allows remote attackers to inject applets into the .appletTrustSettings configuration file and bypass user approval to execute the applet via a crafted web page, possibly related to line breaks.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2015-09-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T06:41:08.613Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "USN-2817-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2817-1"
              },
              {
                "name": "openSUSE-SU-2015:1595",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00019.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
              },
              {
                "name": "FEDORA-2015-15676",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167120.html"
              },
              {
                "name": "1033780",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1033780"
              },
              {
                "name": "[distro-pkg-dev] 20150911 IcedTea-Web 1.6.1 and 1.5.3 released",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2015-September/033546.html"
              },
              {
                "name": "RHSA-2016:0778",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-0778.html"
              },
              {
                "name": "FEDORA-2015-15677",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167130.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1233667"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-09-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly sanitize applet URLs, which allows remote attackers to inject applets into the .appletTrustSettings configuration file and bypass user approval to execute the applet via a crafted web page, possibly related to line breaks."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-12-06T18:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "USN-2817-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2817-1"
            },
            {
              "name": "openSUSE-SU-2015:1595",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00019.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
            },
            {
              "name": "FEDORA-2015-15676",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167120.html"
            },
            {
              "name": "1033780",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1033780"
            },
            {
              "name": "[distro-pkg-dev] 20150911 IcedTea-Web 1.6.1 and 1.5.3 released",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2015-September/033546.html"
            },
            {
              "name": "RHSA-2016:0778",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0778.html"
            },
            {
              "name": "FEDORA-2015-15677",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167130.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1233667"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2015-5234",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly sanitize applet URLs, which allows remote attackers to inject applets into the .appletTrustSettings configuration file and bypass user approval to execute the applet via a crafted web page, possibly related to line breaks."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "USN-2817-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2817-1"
                },
                {
                  "name": "openSUSE-SU-2015:1595",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00019.html"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
                },
                {
                  "name": "FEDORA-2015-15676",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167120.html"
                },
                {
                  "name": "1033780",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1033780"
                },
                {
                  "name": "[distro-pkg-dev] 20150911 IcedTea-Web 1.6.1 and 1.5.3 released",
                  "refsource": "MLIST",
                  "url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2015-September/033546.html"
                },
                {
                  "name": "RHSA-2016:0778",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2016-0778.html"
                },
                {
                  "name": "FEDORA-2015-15677",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167130.html"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1233667",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1233667"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2015-5234",
        "datePublished": "2015-10-09T14:00:00.000Z",
        "dateReserved": "2015-07-01T00:00:00.000Z",
        "dateUpdated": "2024-08-06T06:41:08.613Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-5235 (GCVE-0-2015-5235)

    Vulnerability from cvelistv5 – Published: 2015-10-09 14:00 – Updated: 2024-08-06 06:41
    VLAI
    Summary
    IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly determine the origin of unsigned applets, which allows remote attackers to bypass the approval process or trick users into approving applet execution via a crafted web page.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2015-09-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T06:41:08.683Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "USN-2817-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2817-1"
              },
              {
                "name": "openSUSE-SU-2015:1595",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00019.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1233697"
              },
              {
                "name": "FEDORA-2015-15676",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167120.html"
              },
              {
                "name": "1033780",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1033780"
              },
              {
                "name": "[distro-pkg-dev] 20150911 IcedTea-Web 1.6.1 and 1.5.3 released",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2015-September/033546.html"
              },
              {
                "name": "RHSA-2016:0778",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-0778.html"
              },
              {
                "name": "FEDORA-2015-15677",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167130.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-09-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly determine the origin of unsigned applets, which allows remote attackers to bypass the approval process or trick users into approving applet execution via a crafted web page."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-12-06T18:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "USN-2817-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2817-1"
            },
            {
              "name": "openSUSE-SU-2015:1595",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00019.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1233697"
            },
            {
              "name": "FEDORA-2015-15676",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167120.html"
            },
            {
              "name": "1033780",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1033780"
            },
            {
              "name": "[distro-pkg-dev] 20150911 IcedTea-Web 1.6.1 and 1.5.3 released",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2015-September/033546.html"
            },
            {
              "name": "RHSA-2016:0778",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0778.html"
            },
            {
              "name": "FEDORA-2015-15677",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167130.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2015-5235",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly determine the origin of unsigned applets, which allows remote attackers to bypass the approval process or trick users into approving applet execution via a crafted web page."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "USN-2817-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2817-1"
                },
                {
                  "name": "openSUSE-SU-2015:1595",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00019.html"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1233697",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1233697"
                },
                {
                  "name": "FEDORA-2015-15676",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167120.html"
                },
                {
                  "name": "1033780",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1033780"
                },
                {
                  "name": "[distro-pkg-dev] 20150911 IcedTea-Web 1.6.1 and 1.5.3 released",
                  "refsource": "MLIST",
                  "url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2015-September/033546.html"
                },
                {
                  "name": "RHSA-2016:0778",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2016-0778.html"
                },
                {
                  "name": "FEDORA-2015-15677",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167130.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2015-5235",
        "datePublished": "2015-10-09T14:00:00.000Z",
        "dateReserved": "2015-07-01T00:00:00.000Z",
        "dateUpdated": "2024-08-06T06:41:08.683Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-0025 (GCVE-0-2011-0025)

    Vulnerability from cvelistv5 – Published: 2011-02-04 19:00 – Updated: 2024-08-06 21:43
    VLAI
    Summary
    IcedTea 1.7 before 1.7.8, 1.8 before 1.8.5, and 1.9 before 1.9.5 does not properly verify signatures for JAR files that (1) are "partially signed" or (2) signed by multiple entities, which allows remote attackers to trick users into executing code that appears to come from a trusted source.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/46110 vdb-entryx_refsource_BID
    http://www.ubuntu.com/usn/USN-1055-1 vendor-advisoryx_refsource_UBUNTU
    http://security.gentoo.org/glsa/glsa-201406-32.xml vendor-advisoryx_refsource_GENTOO
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.debian.org/security/2011/dsa-2224 vendor-advisoryx_refsource_DEBIAN
    http://secunia.com/advisories/43135 third-party-advisoryx_refsource_SECUNIA
    http://icedtea.classpath.org/hg/release/icedtea-w… x_refsource_MISC
    http://blog.fuseyism.com/index.php/2011/02/01/sec… x_refsource_CONFIRM
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    Date Public
    2011-02-01 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T21:43:13.999Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "46110",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/46110"
              },
              {
                "name": "USN-1055-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-1055-1"
              },
              {
                "name": "GLSA-201406-32",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
              },
              {
                "name": "icedtea-jar-security-bypass(65151)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65151"
              },
              {
                "name": "DSA-2224",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2011/dsa-2224"
              },
              {
                "name": "43135",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/43135"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.0?cmd=changeset%3Bnode=3bd328e4b515"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://blog.fuseyism.com/index.php/2011/02/01/security-icedtea6-178-185-195-released/"
              },
              {
                "name": "MDVSA-2011:054",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:054"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-02-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IcedTea 1.7 before 1.7.8, 1.8 before 1.8.5, and 1.9 before 1.9.5 does not properly verify signatures for JAR files that (1) are \"partially signed\" or (2) signed by multiple entities, which allows remote attackers to trick users into executing code that appears to come from a trusted source."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "46110",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/46110"
            },
            {
              "name": "USN-1055-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-1055-1"
            },
            {
              "name": "GLSA-201406-32",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
            },
            {
              "name": "icedtea-jar-security-bypass(65151)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65151"
            },
            {
              "name": "DSA-2224",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2011/dsa-2224"
            },
            {
              "name": "43135",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/43135"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.0?cmd=changeset%3Bnode=3bd328e4b515"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://blog.fuseyism.com/index.php/2011/02/01/security-icedtea6-178-185-195-released/"
            },
            {
              "name": "MDVSA-2011:054",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:054"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2011-0025",
        "datePublished": "2011-02-04T19:00:00.000Z",
        "dateReserved": "2010-12-07T00:00:00.000Z",
        "dateUpdated": "2024-08-06T21:43:13.999Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-4351 (GCVE-0-2010-4351)

    Vulnerability from cvelistv5 – Published: 2011-01-20 18:00 – Updated: 2024-08-07 03:43
    VLAI
    Summary
    The JNLP SecurityManager in IcedTea (IcedTea.so) 1.7 before 1.7.7, 1.8 before 1.8.4, and 1.9 before 1.9.4 for Java OpenJDK returns from the checkPermission method instead of throwing an exception in certain circumstances, which might allow context-dependent attackers to bypass the intended security policy by creating instances of ClassLoader.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://blog.fuseyism.com/index.php/2011/01/18/sec… x_refsource_CONFIRM
    http://www.ubuntu.com/usn/USN-1055-1 vendor-advisoryx_refsource_UBUNTU
    http://security.gentoo.org/glsa/glsa-201406-32.xml vendor-advisoryx_refsource_GENTOO
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://www.securityfocus.com/bid/45894 vdb-entryx_refsource_BID
    http://secunia.com/advisories/43085 third-party-advisoryx_refsource_SECUNIA
    http://www.ubuntu.com/usn/USN-1052-1 vendor-advisoryx_refsource_UBUNTU
    http://www.vupen.com/english/advisories/2011/0215 vdb-entryx_refsource_VUPEN
    http://osvdb.org/70605 vdb-entryx_refsource_OSVDB
    http://www.vupen.com/english/advisories/2011/0239 vdb-entryx_refsource_VUPEN
    http://www.zerodayinitiative.com/advisories/ZDI-11-014/ x_refsource_MISC
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://secunia.com/advisories/43002 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2011/0165 vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/43078 third-party-advisoryx_refsource_SECUNIA
    http://www.debian.org/security/2011/dsa-2224 vendor-advisoryx_refsource_DEBIAN
    http://secunia.com/advisories/43135 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2011/0166 vdb-entryx_refsource_VUPEN
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    https://bugzilla.redhat.com/show_bug.cgi?id=663680 x_refsource_CONFIRM
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    http://www.redhat.com/support/errata/RHSA-2011-01… vendor-advisoryx_refsource_REDHAT
    Date Public
    2011-01-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T03:43:14.673Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://blog.fuseyism.com/index.php/2011/01/18/security-icedtea6-177-184-194-released/"
              },
              {
                "name": "USN-1055-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-1055-1"
              },
              {
                "name": "GLSA-201406-32",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
              },
              {
                "name": "FEDORA-2011-0521",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053276.html"
              },
              {
                "name": "45894",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/45894"
              },
              {
                "name": "43085",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/43085"
              },
              {
                "name": "USN-1052-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-1052-1"
              },
              {
                "name": "ADV-2011-0215",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2011/0215"
              },
              {
                "name": "70605",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/70605"
              },
              {
                "name": "ADV-2011-0239",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2011/0239"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-014/"
              },
              {
                "name": "FEDORA-2011-0500",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053288.html"
              },
              {
                "name": "43002",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/43002"
              },
              {
                "name": "ADV-2011-0165",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2011/0165"
              },
              {
                "name": "43078",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/43078"
              },
              {
                "name": "DSA-2224",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2011/dsa-2224"
              },
              {
                "name": "43135",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/43135"
              },
              {
                "name": "ADV-2011-0166",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2011/0166"
              },
              {
                "name": "icedtea-jnlp-code-execution(64893)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64893"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=663680"
              },
              {
                "name": "MDVSA-2011:054",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:054"
              },
              {
                "name": "RHSA-2011:0176",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2011-0176.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-01-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The JNLP SecurityManager in IcedTea (IcedTea.so) 1.7 before 1.7.7, 1.8 before 1.8.4, and 1.9 before 1.9.4 for Java OpenJDK returns from the checkPermission method instead of throwing an exception in certain circumstances, which might allow context-dependent attackers to bypass the intended security policy by creating instances of ClassLoader."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://blog.fuseyism.com/index.php/2011/01/18/security-icedtea6-177-184-194-released/"
            },
            {
              "name": "USN-1055-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-1055-1"
            },
            {
              "name": "GLSA-201406-32",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
            },
            {
              "name": "FEDORA-2011-0521",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053276.html"
            },
            {
              "name": "45894",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/45894"
            },
            {
              "name": "43085",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/43085"
            },
            {
              "name": "USN-1052-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-1052-1"
            },
            {
              "name": "ADV-2011-0215",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0215"
            },
            {
              "name": "70605",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/70605"
            },
            {
              "name": "ADV-2011-0239",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0239"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-014/"
            },
            {
              "name": "FEDORA-2011-0500",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053288.html"
            },
            {
              "name": "43002",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/43002"
            },
            {
              "name": "ADV-2011-0165",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0165"
            },
            {
              "name": "43078",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/43078"
            },
            {
              "name": "DSA-2224",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2011/dsa-2224"
            },
            {
              "name": "43135",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/43135"
            },
            {
              "name": "ADV-2011-0166",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0166"
            },
            {
              "name": "icedtea-jnlp-code-execution(64893)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64893"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=663680"
            },
            {
              "name": "MDVSA-2011:054",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:054"
            },
            {
              "name": "RHSA-2011:0176",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2011-0176.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2010-4351",
        "datePublished": "2011-01-20T18:00:00.000Z",
        "dateReserved": "2010-11-30T00:00:00.000Z",
        "dateUpdated": "2024-08-07T03:43:14.673Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-3860 (GCVE-0-2010-3860)

    Vulnerability from cvelistv5 – Published: 2010-12-08 19:00 – Updated: 2024-08-07 03:26
    VLAI
    Summary
    IcedTea 1.7.x before 1.7.6, 1.8.x before 1.8.3, and 1.9.x before 1.9.2, as based on OpenJDK 6, declares multiple sensitive variables as public, which allows remote attackers to obtain sensitive information including (1) user.name, (2) user.home, and (3) java.home system properties, and other sensitive information such as installation directories.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://security.gentoo.org/glsa/glsa-201406-32.xml vendor-advisoryx_refsource_GENTOO
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://secunia.com/advisories/43085 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2011/0215 vdb-entryx_refsource_VUPEN
    http://www.ubuntu.com/usn/USN-1024-1 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://secunia.com/advisories/42412 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2010/3090 vdb-entryx_refsource_VUPEN
    http://blog.fuseyism.com/index.php/2010/11/24/ice… x_refsource_CONFIRM
    http://www.vupen.com/english/advisories/2010/3108 vdb-entryx_refsource_VUPEN
    https://bugzilla.redhat.com/show_bug.cgi?id=645843 x_refsource_CONFIRM
    http://secunia.com/advisories/42417 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/45114 vdb-entryx_refsource_BID
    http://icedtea.classpath.org/hg/release/icedtea6-… x_refsource_CONFIRM
    http://www.redhat.com/support/errata/RHSA-2011-01… vendor-advisoryx_refsource_REDHAT
    Date Public
    2010-11-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T03:26:12.234Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "GLSA-201406-32",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
              },
              {
                "name": "FEDORA-2010-18393",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051711.html"
              },
              {
                "name": "43085",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/43085"
              },
              {
                "name": "ADV-2011-0215",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2011/0215"
              },
              {
                "name": "USN-1024-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-1024-1"
              },
              {
                "name": "SUSE-SR:2010:023",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html"
              },
              {
                "name": "42412",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/42412"
              },
              {
                "name": "ADV-2010-3090",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2010/3090"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://blog.fuseyism.com/index.php/2010/11/24/icedtea6-176-183-and-192-released/"
              },
              {
                "name": "ADV-2010-3108",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2010/3108"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=645843"
              },
              {
                "name": "42417",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/42417"
              },
              {
                "name": "45114",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/45114"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://icedtea.classpath.org/hg/release/icedtea6-1.9/rev/9aa0018d8c28"
              },
              {
                "name": "RHSA-2011:0176",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2011-0176.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2010-11-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IcedTea 1.7.x before 1.7.6, 1.8.x before 1.8.3, and 1.9.x before 1.9.2, as based on OpenJDK 6, declares multiple sensitive variables as public, which allows remote attackers to obtain sensitive information including (1) user.name, (2) user.home, and (3) java.home system properties, and other sensitive information such as installation directories."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-10-02T13:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "GLSA-201406-32",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
            },
            {
              "name": "FEDORA-2010-18393",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051711.html"
            },
            {
              "name": "43085",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/43085"
            },
            {
              "name": "ADV-2011-0215",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0215"
            },
            {
              "name": "USN-1024-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-1024-1"
            },
            {
              "name": "SUSE-SR:2010:023",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html"
            },
            {
              "name": "42412",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/42412"
            },
            {
              "name": "ADV-2010-3090",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2010/3090"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://blog.fuseyism.com/index.php/2010/11/24/icedtea6-176-183-and-192-released/"
            },
            {
              "name": "ADV-2010-3108",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2010/3108"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=645843"
            },
            {
              "name": "42417",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/42417"
            },
            {
              "name": "45114",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/45114"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://icedtea.classpath.org/hg/release/icedtea6-1.9/rev/9aa0018d8c28"
            },
            {
              "name": "RHSA-2011:0176",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2011-0176.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2010-3860",
        "datePublished": "2010-12-08T19:00:00.000Z",
        "dateReserved": "2010-10-08T00:00:00.000Z",
        "dateUpdated": "2024-08-07T03:26:12.234Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }