ID CVE-2017-3262
Summary Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Java Mission Control). The supported version that is affected is Java SE: 8u112. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: Applies to Java Mission Control Installation. CVSS v3.0 Base Score 5.3 (Confidentiality impacts).
References
Vulnerable Configurations
  • cpe:2.3:a:oracle:jdk:1.8:update_112
  • cpe:2.3:a:oracle:jre:1.8:update_112
CVSS
Base: 5.0 (as of 30-01-2017 - 22:29)
Impact:
Exploitability:
CWE CWE-284
CAPEC
  • Embedding Scripts within Scripts
    An attack of this type exploits a program's vulnerabilities that are brought on by allowing remote hosts to execute scripts. The attacker leverages this script-execution capability to run his/her own script by embedding it within other scripts that the target software is likely to execute. The attacker must have the ability to inject script into a script that is likely to be executed. If this is done, then the attacker can potentially launch a variety of probes and attacks against the web server's local environment, in many cases the so-called DMZ, back-end resources the web server can communicate with, and other hosts. With the proliferation of intermediaries, such as Web App Firewalls, network devices, and even printers having JVMs and Web servers, there are many locales where an attacker can inject malicious scripts. Since this attack pattern defines scripts within scripts, there are likely privileges to execute said attack on the host. Of course, these attacks are not limited to the server side; client-side scripts like Ajax and client-side JavaScript can contain malicious scripts as well. In general, all that is required is sufficient privileges to execute a script that is not protected against writing.
  • Signature Spoofing by Key Theft
    An attacker obtains an authoritative or reputable signer's private signature key by theft and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Access
Vector NETWORK
Complexity LOW
Authentication NONE
Impact
Confidentiality PARTIAL
Integrity NONE
Availability NONE
nessus via4
  • NASL family PhotonOS Local Security Checks
    NASL id PHOTONOS_PHSA-2017-0016_OPENJDK.NASL
    description An update of the openjdk package has been released.
    last seen 2019-02-08
    modified 2019-02-07
    plugin id 121693
    published 2019-02-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121693
    title Photon OS 1.0: Openjdk PHSA-2017-0016
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2017-0175.NASL
    description An update for java-1.8.0-oracle is now available for Oracle Java for Red Hat Enterprise Linux 6 and Oracle Java for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Oracle Java SE version 8 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 8 to version 8 Update 121. Security Fix(es) : * This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2016-2183, CVE-2016-5546, CVE-2016-5547, CVE-2016-5548, CVE-2016-5549, CVE-2016-5552, CVE-2016-8328, CVE-2017-3231, CVE-2017-3241, CVE-2017-3252, CVE-2017-3253, CVE-2017-3259, CVE-2017-3261, CVE-2017-3262, CVE-2017-3272, CVE-2017-3289) This update mitigates the CVE-2016-2183 issue by adding 3DES cipher suites to the list of legacy algorithms (defined using the jdk.tls.legacyAlgorithms security property) so they are only used if connecting TLS/SSL client and server do not share any other non-legacy cipher suite.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 96650
    published 2017-01-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96650
    title RHEL 6 / 7 : java-1.8.0-oracle (RHSA-2017:0175)
  • NASL family PhotonOS Local Security Checks
    NASL id PHOTONOS_PHSA-2017-0016_OPENJRE.NASL
    description An update of the openjre package has been released.
    last seen 2019-02-08
    modified 2019-02-07
    plugin id 121694
    published 2019-02-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121694
    title Photon OS 1.0: Openjre PHSA-2017-0016
  • NASL family Misc.
    NASL id ORACLE_JAVA_CPU_JAN_2017_UNIX.NASL
    description The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 8 Update 121, 7 Update 131, or 6 Update 141. It is, therefore, affected by multiple vulnerabilities:
      - A vulnerability exists in the Libraries subcomponent, known as SWEET32, in the 3DES and Blowfish algorithms due to the use of weak 64-bit block ciphers by default. A man-in-the-middle attacker who has sufficient resources can exploit this vulnerability, via a 'birthday' attack, to detect a collision that leaks the XOR between the fixed secret and a known plaintext, allowing the disclosure of the secret text, such as secure HTTPS cookies, and possibly resulting in the hijacking of an authenticated session. (CVE-2016-2183)
      - An unspecified flaw exists in the Libraries subcomponent that allows an unauthenticated, remote attacker to impact integrity. (CVE-2016-5546)
      - An unspecified flaw exists in the Libraries subcomponent that allows an unauthenticated, remote attacker to cause a denial of service condition. (CVE-2016-5547)
      - Multiple unspecified flaws exist in the Libraries subcomponent that allow an unauthenticated, remote attacker to disclose sensitive information. (CVE-2016-5548, CVE-2016-5549)
      - An unspecified flaw exists in the Networking subcomponent that allows an unauthenticated, remote attacker to impact integrity. (CVE-2016-5552)
      - An unspecified flaw exists in the Mission Control subcomponent that allows an unauthenticated, remote attacker to impact integrity. (CVE-2016-8328)
      - Multiple unspecified flaws exist in the Networking subcomponent that allow an unauthenticated, remote attacker to disclose sensitive information. (CVE-2017-3231, CVE-2017-3261)
      - An unspecified flaw exists in the RMI subcomponent that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-3241)
      - An unspecified flaw exists in the JAAS subcomponent that allows an unauthenticated, remote attacker to impact integrity. (CVE-2017-3252)
      - An unspecified flaw exists in the 2D subcomponent that allows an unauthenticated, remote attacker to cause a denial of service condition. (CVE-2017-3253)
      - An unspecified flaw exists in the Deployment subcomponent that allows an unauthenticated, remote attacker to disclose sensitive information. (CVE-2017-3259)
      - An unspecified flaw exists in the AWT subcomponent that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-3260)
      - An unspecified flaw exists in the Java Mission Control subcomponent that allows an unauthenticated, remote attacker to disclose sensitive information. (CVE-2017-3262)
      - An unspecified flaw exists in the Libraries subcomponent that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-3272)
      - An unspecified flaw exists in the Hotspot subcomponent that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-3289)
      Note that CVE-2017-3241 can only be exploited by supplying data to APIs in the specified component without using untrusted Java Web Start applications or untrusted Java applets, such as through a web service. Note that CVE-2016-2183, CVE-2016-5546, CVE-2016-5547, CVE-2016-5552, CVE-2017-3252, and CVE-2017-3253 can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. They can also be exploited by supplying data to APIs in the specified component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 96629
    published 2017-01-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96629
    title Oracle Java SE Multiple Vulnerabilities (January 2017 CPU) (Unix) (SWEET32)
  • NASL family PhotonOS Local Security Checks
    NASL id PHOTONOS_PHSA-2017-0016.NASL
    description An update of [gnutls,openjdk,openjre] packages for PhotonOS has been released.
    last seen 2019-02-21
    modified 2019-02-07
    plugin id 111865
    published 2018-08-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111865
    title Photon OS 1.0: Gnutls / Linux / Openjdk / Openjre PHSA-2017-0016 (deprecated)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201701-65.NASL
    description The remote host is affected by the vulnerability described in GLSA-201701-65 (Oracle JRE/JDK: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Oracle’s JRE and JDK. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code with the privileges of the process, gain access to information, or cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2017-10-02
    plugin id 96787
    published 2017-01-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96787
    title GLSA-201701-65 : Oracle JRE/JDK: Multiple vulnerabilities
  • NASL family Windows
    NASL id ORACLE_JAVA_CPU_JAN_2017.NASL
    description The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 8 Update 121, 7 Update 131, or 6 Update 141. It is, therefore, affected by multiple vulnerabilities:
      - A vulnerability exists in the Libraries subcomponent, known as SWEET32, in the 3DES and Blowfish algorithms due to the use of weak 64-bit block ciphers by default. A man-in-the-middle attacker who has sufficient resources can exploit this vulnerability, via a 'birthday' attack, to detect a collision that leaks the XOR between the fixed secret and a known plaintext, allowing the disclosure of the secret text, such as secure HTTPS cookies, and possibly resulting in the hijacking of an authenticated session. (CVE-2016-2183)
      - An unspecified flaw exists in the Libraries subcomponent that allows an unauthenticated, remote attacker to impact integrity. (CVE-2016-5546)
      - An unspecified flaw exists in the Libraries subcomponent that allows an unauthenticated, remote attacker to cause a denial of service condition. (CVE-2016-5547)
      - Multiple unspecified flaws exist in the Libraries subcomponent that allow an unauthenticated, remote attacker to disclose sensitive information. (CVE-2016-5548, CVE-2016-5549)
      - An unspecified flaw exists in the Networking subcomponent that allows an unauthenticated, remote attacker to impact integrity. (CVE-2016-5552)
      - An unspecified flaw exists in the Mission Control subcomponent that allows an unauthenticated, remote attacker to impact integrity. (CVE-2016-8328)
      - Multiple unspecified flaws exist in the Networking subcomponent that allow an unauthenticated, remote attacker to disclose sensitive information. (CVE-2017-3231, CVE-2017-3261)
      - An unspecified flaw exists in the RMI subcomponent that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-3241)
      - An unspecified flaw exists in the JAAS subcomponent that allows an unauthenticated, remote attacker to impact integrity. (CVE-2017-3252)
      - An unspecified flaw exists in the 2D subcomponent that allows an unauthenticated, remote attacker to cause a denial of service condition. (CVE-2017-3253)
      - An unspecified flaw exists in the Deployment subcomponent that allows an unauthenticated, remote attacker to disclose sensitive information. (CVE-2017-3259)
      - An unspecified flaw exists in the AWT subcomponent that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-3260)
      - An unspecified flaw exists in the Java Mission Control subcomponent that allows an unauthenticated, remote attacker to disclose sensitive information. (CVE-2017-3262)
      - An unspecified flaw exists in the Libraries subcomponent that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-3272)
      - An unspecified flaw exists in the Hotspot subcomponent that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-3289)
      Note that CVE-2017-3241 can only be exploited by supplying data to APIs in the specified component without using untrusted Java Web Start applications or untrusted Java applets, such as through a web service. Note that CVE-2016-2183, CVE-2016-5546, CVE-2016-5547, CVE-2016-5552, CVE-2017-3252, and CVE-2017-3253 can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. They can also be exploited by supplying data to APIs in the specified component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 96628
    published 2017-01-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96628
    title Oracle Java SE Multiple Vulnerabilities (January 2017 CPU) (SWEET32)
redhat via4
advisories
rhsa
id RHSA-2017:0175
refmap via4
bid 95578
confirm
gentoo GLSA-201701-65
sectrack 1037637
Last major update 10-02-2017 - 21:59
Published 27-01-2017 - 17:59
Last modified 04-01-2018 - 21:31