ByteOS Network

Vulnerability Details :

CVE-2017-3533

Assigner-oracle

Assigner Org ID-43595867-4340-4103-b7a2-9a5208d29a85

Published At-24 Apr, 2017 | 19:00

Updated At-07 Oct, 2024 | 16:13

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via FTP to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:oracle

Assigner Org ID:43595867-4340-4103-b7a2-9a5208d29a85

Published At:24 Apr, 2017 | 19:00

Updated At:07 Oct, 2024 | 16:13

▼CVE Numbering Authority (CNA)

Affected Products

Vendor

Oracle Corporation

Product

Java

Versions

Affected

Java SE: 6u141
7u131
8u121; Java SE Embedded: 8u121; JRockit: R28.3.13

Problem Types

Type	CWE ID	Description
text	N/A	Difficult to exploit vulnerability allows unauthenticated attacker with network access via FTP to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data.

Type: text

CWE ID: N/A

Description: Difficult to exploit vulnerability allows unauthenticated attacker with network access via FTP to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data.

References

Hyperlink	Resource
https://access.redhat.com/errata/RHSA-2017:1221	vendor-advisory x_refsource_REDHAT
https://security.gentoo.org/glsa/201705-03	vendor-advisory x_refsource_GENTOO
https://access.redhat.com/errata/RHSA-2017:1220	vendor-advisory x_refsource_REDHAT
http://www.securityfocus.com/bid/97740	vdb-entry x_refsource_BID
https://access.redhat.com/errata/RHSA-2017:1117	vendor-advisory x_refsource_REDHAT
http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html	x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2017:1109	vendor-advisory x_refsource_REDHAT
http://www.securitytracker.com/id/1038286	vdb-entry x_refsource_SECTRACK
http://www.debian.org/security/2017/dsa-3858	vendor-advisory x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2017:1108	vendor-advisory x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:1204	vendor-advisory x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:1118	vendor-advisory x_refsource_REDHAT
https://security.gentoo.org/glsa/201707-01	vendor-advisory x_refsource_GENTOO
https://access.redhat.com/errata/RHSA-2017:1222	vendor-advisory x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:3453	vendor-advisory x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:1119	vendor-advisory x_refsource_REDHAT

Hyperlink: https://access.redhat.com/errata/RHSA-2017:1221

Resource:

vendor-advisory

x_refsource_REDHAT

Hyperlink: https://security.gentoo.org/glsa/201705-03

Resource:

vendor-advisory

x_refsource_GENTOO

Hyperlink: https://access.redhat.com/errata/RHSA-2017:1220

Resource:

vendor-advisory

x_refsource_REDHAT

Hyperlink: http://www.securityfocus.com/bid/97740

Resource:

vdb-entry

x_refsource_BID

Hyperlink: https://access.redhat.com/errata/RHSA-2017:1117

Resource:

vendor-advisory

x_refsource_REDHAT

Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html

Resource:

x_refsource_CONFIRM

Hyperlink: https://access.redhat.com/errata/RHSA-2017:1109

Resource:

vendor-advisory

x_refsource_REDHAT

Hyperlink: http://www.securitytracker.com/id/1038286

Resource:

vdb-entry

x_refsource_SECTRACK

Hyperlink: http://www.debian.org/security/2017/dsa-3858

Resource:

vendor-advisory

x_refsource_DEBIAN

Hyperlink: https://access.redhat.com/errata/RHSA-2017:1108

Resource:

vendor-advisory

x_refsource_REDHAT

Hyperlink: https://access.redhat.com/errata/RHSA-2017:1204

Resource:

vendor-advisory

x_refsource_REDHAT

Hyperlink: https://access.redhat.com/errata/RHSA-2017:1118

Resource:

vendor-advisory

x_refsource_REDHAT

Hyperlink: https://security.gentoo.org/glsa/201707-01

Resource:

vendor-advisory

x_refsource_GENTOO

Hyperlink: https://access.redhat.com/errata/RHSA-2017:1222

Resource:

vendor-advisory

x_refsource_REDHAT

Hyperlink: https://access.redhat.com/errata/RHSA-2017:3453

Resource:

vendor-advisory

x_refsource_REDHAT

Hyperlink: https://access.redhat.com/errata/RHSA-2017:1119

Resource:

vendor-advisory

x_refsource_REDHAT

▼Authorized Data Publishers (ADP)

1. CVE Program Container

References

Hyperlink	Resource
https://access.redhat.com/errata/RHSA-2017:1221	vendor-advisory x_refsource_REDHAT x_transferred
https://security.gentoo.org/glsa/201705-03	vendor-advisory x_refsource_GENTOO x_transferred
https://access.redhat.com/errata/RHSA-2017:1220	vendor-advisory x_refsource_REDHAT x_transferred
http://www.securityfocus.com/bid/97740	vdb-entry x_refsource_BID x_transferred
https://access.redhat.com/errata/RHSA-2017:1117	vendor-advisory x_refsource_REDHAT x_transferred
http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html	x_refsource_CONFIRM x_transferred
https://access.redhat.com/errata/RHSA-2017:1109	vendor-advisory x_refsource_REDHAT x_transferred
http://www.securitytracker.com/id/1038286	vdb-entry x_refsource_SECTRACK x_transferred
http://www.debian.org/security/2017/dsa-3858	vendor-advisory x_refsource_DEBIAN x_transferred
https://access.redhat.com/errata/RHSA-2017:1108	vendor-advisory x_refsource_REDHAT x_transferred
https://access.redhat.com/errata/RHSA-2017:1204	vendor-advisory x_refsource_REDHAT x_transferred
https://access.redhat.com/errata/RHSA-2017:1118	vendor-advisory x_refsource_REDHAT x_transferred
https://security.gentoo.org/glsa/201707-01	vendor-advisory x_refsource_GENTOO x_transferred
https://access.redhat.com/errata/RHSA-2017:1222	vendor-advisory x_refsource_REDHAT x_transferred
https://access.redhat.com/errata/RHSA-2017:3453	vendor-advisory x_refsource_REDHAT x_transferred
https://access.redhat.com/errata/RHSA-2017:1119	vendor-advisory x_refsource_REDHAT x_transferred

Hyperlink: https://access.redhat.com/errata/RHSA-2017:1221

Resource:

vendor-advisory

x_refsource_REDHAT

x_transferred

Hyperlink: https://security.gentoo.org/glsa/201705-03

Resource:

vendor-advisory

x_refsource_GENTOO

x_transferred

Hyperlink: https://access.redhat.com/errata/RHSA-2017:1220

Resource:

vendor-advisory

x_refsource_REDHAT

x_transferred

Hyperlink: http://www.securityfocus.com/bid/97740

Resource:

vdb-entry

x_refsource_BID

x_transferred

Hyperlink: https://access.redhat.com/errata/RHSA-2017:1117

Resource:

vendor-advisory

x_refsource_REDHAT

x_transferred

Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: https://access.redhat.com/errata/RHSA-2017:1109

Resource:

vendor-advisory

x_refsource_REDHAT

x_transferred

Hyperlink: http://www.securitytracker.com/id/1038286

Resource:

vdb-entry

x_refsource_SECTRACK

x_transferred

Hyperlink: http://www.debian.org/security/2017/dsa-3858

Resource:

vendor-advisory

x_refsource_DEBIAN

x_transferred

Hyperlink: https://access.redhat.com/errata/RHSA-2017:1108

Resource:

vendor-advisory

x_refsource_REDHAT

x_transferred

Hyperlink: https://access.redhat.com/errata/RHSA-2017:1204

Resource:

vendor-advisory

x_refsource_REDHAT

x_transferred

Hyperlink: https://access.redhat.com/errata/RHSA-2017:1118

Resource:

vendor-advisory

x_refsource_REDHAT

x_transferred

Hyperlink: https://security.gentoo.org/glsa/201707-01

Resource:

vendor-advisory

x_refsource_GENTOO

x_transferred

Hyperlink: https://access.redhat.com/errata/RHSA-2017:1222

Resource:

vendor-advisory

x_refsource_REDHAT

x_transferred

Hyperlink: https://access.redhat.com/errata/RHSA-2017:3453

Resource:

vendor-advisory

x_refsource_REDHAT

x_transferred

Hyperlink: https://access.redhat.com/errata/RHSA-2017:1119

Resource:

vendor-advisory

x_refsource_REDHAT

x_transferred

2. CISA ADP Vulnrichment

Metrics Other Info

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:secalert_us@oracle.com

Published At:24 Apr, 2017 | 19:59

Updated At:20 Apr, 2025 | 01:37

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.0	3.7	LOW	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Primary	2.0	4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:P/A:N

Type: Primary

Version: 3.0

Base score: 3.7

Base severity: LOW

Vector:

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Type: Primary

Version: 2.0

Base score: 4.3

Base severity: MEDIUM

Vector:

AV:N/AC:M/Au:N/C:N/I:P/A:N

CPE Matches

Oracle Corporation

>>jdk>>1.6.0

cpe:2.3:a:oracle:jdk:1.6.0:update141:*:*:*:*:*:*

Oracle Corporation

>>jdk>>1.7.0

cpe:2.3:a:oracle:jdk:1.7.0:update131:*:*:*:*:*:*

Oracle Corporation

>>jdk>>1.8.0

cpe:2.3:a:oracle:jdk:1.8.0:update121:*:*:*:*:*:*

Oracle Corporation

>>jre>>1.6.0

cpe:2.3:a:oracle:jre:1.6.0:update141:*:*:*:*:*:*

Oracle Corporation

>>jre>>1.7.0

cpe:2.3:a:oracle:jre:1.7.0:update_131:*:*:*:*:*:*

Oracle Corporation

>>jre>>1.8.0

cpe:2.3:a:oracle:jre:1.8.0:update_121:*:*:*:*:*:*

Oracle Corporation

>>jrockit>>r28.3.13

Hyperlink	Source	Resource
http://www.debian.org/security/2017/dsa-3858	secalert_us@oracle.com	Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html	secalert_us@oracle.com	Patch Vendor Advisory
http://www.securityfocus.com/bid/97740	secalert_us@oracle.com	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1038286	secalert_us@oracle.com	Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2017:1108	secalert_us@oracle.com	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1109	secalert_us@oracle.com	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1117	secalert_us@oracle.com	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1118	secalert_us@oracle.com	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1119	secalert_us@oracle.com	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1204	secalert_us@oracle.com	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1220	secalert_us@oracle.com	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1221	secalert_us@oracle.com	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1222	secalert_us@oracle.com	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3453	secalert_us@oracle.com	Third Party Advisory
https://security.gentoo.org/glsa/201705-03	secalert_us@oracle.com	Third Party Advisory
https://security.gentoo.org/glsa/201707-01	secalert_us@oracle.com	Third Party Advisory
http://www.debian.org/security/2017/dsa-3858	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html	af854a3a-2127-422b-91ae-364da2661108	Patch Vendor Advisory
http://www.securityfocus.com/bid/97740	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1038286	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2017:1108	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1109	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1117	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1118	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1119	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1204	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1220	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1221	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1222	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3453	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory
https://security.gentoo.org/glsa/201705-03	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory
https://security.gentoo.org/glsa/201707-01	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory

CVE-2017-3533

Credits

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs