CVE-2017-10388
CVE-2017-10388
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: Applies to the Java SE Kerberos client. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).
Productos afectados
Oracle Corporation · Java¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
https://access.redhat.com/errata/RHSA-2017:2998https://access.redhat.com/errata/RHSA-2017:2999https://access.redhat.com/errata/RHSA-2017:3046https://access.redhat.com/errata/RHSA-2017:3047https://access.redhat.com/errata/RHSA-2017:3264https://access.redhat.com/errata/RHSA-2017:3267https://access.redhat.com/errata/RHSA-2017:3268https://access.redhat.com/errata/RHSA-2017:3392https://access.redhat.com/errata/RHSA-2017:3453https://lists.debian.org/debian-lts-announce/2017/11/msg00033.htmlhttps://security.gentoo.org/glsa/201710-31https://security.gentoo.org/glsa/201711-14