ID CVE-2017-10243
Summary Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAX-WS). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L).
References
Vulnerable Configurations
  • cpe:2.3:a:oracle:jrockit:r28.3.14:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:jrockit:r28.3.14:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.8.0:update131:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.8.0:update131:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.7.0:update141:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.7.0:update141:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.6.0:update151:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.6.0:update151:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.6.0:update151:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.6.0:update151:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.7.0:update141:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.7.0:update141:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.8.0:update131:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.8.0:update131:*:*:*:*:*:*
CVSS
Base: 6.4 (as of 13-05-2022 - 14:57)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:N/A:P
redhat via4
advisories
  • bugzilla
    id 1472345
    title CVE-2017-10102 OpenJDK: incorrect handling of references in DGC (RMI, 8163958)
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 7 is installed
        oval oval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • comment java-1.8.0-openjdk is earlier than 1:1.8.0.141-1.b16.el7_3
            oval oval:com.redhat.rhsa:tst:20171789001
          • comment java-1.8.0-openjdk is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141636002
        • AND
          • comment java-1.8.0-openjdk-accessibility is earlier than 1:1.8.0.141-1.b16.el7_3
            oval oval:com.redhat.rhsa:tst:20171789003
          • comment java-1.8.0-openjdk-accessibility is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20150809016
        • AND
          • comment java-1.8.0-openjdk-accessibility-debug is earlier than 1:1.8.0.141-1.b16.el7_3
            oval oval:com.redhat.rhsa:tst:20171789005
          • comment java-1.8.0-openjdk-accessibility-debug is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20160049006
        • AND
          • comment java-1.8.0-openjdk-debug is earlier than 1:1.8.0.141-1.b16.el7_3
            oval oval:com.redhat.rhsa:tst:20171789007
          • comment java-1.8.0-openjdk-debug is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20151919004
        • AND
          • comment java-1.8.0-openjdk-demo is earlier than 1:1.8.0.141-1.b16.el7_3
            oval oval:com.redhat.rhsa:tst:20171789009
          • comment java-1.8.0-openjdk-demo is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141636004
        • AND
          • comment java-1.8.0-openjdk-demo-debug is earlier than 1:1.8.0.141-1.b16.el7_3
            oval oval:com.redhat.rhsa:tst:20171789011
          • comment java-1.8.0-openjdk-demo-debug is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20151919008
        • AND
          • comment java-1.8.0-openjdk-devel is earlier than 1:1.8.0.141-1.b16.el7_3
            oval oval:com.redhat.rhsa:tst:20171789013
          • comment java-1.8.0-openjdk-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141636006
        • AND
          • comment java-1.8.0-openjdk-devel-debug is earlier than 1:1.8.0.141-1.b16.el7_3
            oval oval:com.redhat.rhsa:tst:20171789015
          • comment java-1.8.0-openjdk-devel-debug is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20151919012
        • AND
          • comment java-1.8.0-openjdk-headless is earlier than 1:1.8.0.141-1.b16.el7_3
            oval oval:com.redhat.rhsa:tst:20171789017
          • comment java-1.8.0-openjdk-headless is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141636008
        • AND
          • comment java-1.8.0-openjdk-headless-debug is earlier than 1:1.8.0.141-1.b16.el7_3
            oval oval:com.redhat.rhsa:tst:20171789019
          • comment java-1.8.0-openjdk-headless-debug is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20151919016
        • AND
          • comment java-1.8.0-openjdk-javadoc is earlier than 1:1.8.0.141-1.b16.el7_3
            oval oval:com.redhat.rhsa:tst:20171789021
          • comment java-1.8.0-openjdk-javadoc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141636010
        • AND
          • comment java-1.8.0-openjdk-javadoc-debug is earlier than 1:1.8.0.141-1.b16.el7_3
            oval oval:com.redhat.rhsa:tst:20171789023
          • comment java-1.8.0-openjdk-javadoc-debug is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20151919020
        • AND
          • comment java-1.8.0-openjdk-javadoc-zip is earlier than 1:1.8.0.141-1.b16.el7_3
            oval oval:com.redhat.rhsa:tst:20171789025
          • comment java-1.8.0-openjdk-javadoc-zip is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20170180041
        • AND
          • comment java-1.8.0-openjdk-javadoc-zip-debug is earlier than 1:1.8.0.141-1.b16.el7_3
            oval oval:com.redhat.rhsa:tst:20171789027
          • comment java-1.8.0-openjdk-javadoc-zip-debug is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20170180043
        • AND
          • comment java-1.8.0-openjdk-src is earlier than 1:1.8.0.141-1.b16.el7_3
            oval oval:com.redhat.rhsa:tst:20171789029
          • comment java-1.8.0-openjdk-src is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141636012
        • AND
          • comment java-1.8.0-openjdk-src-debug is earlier than 1:1.8.0.141-1.b16.el7_3
            oval oval:com.redhat.rhsa:tst:20171789031
          • comment java-1.8.0-openjdk-src-debug is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20151919024
    • AND
      • comment Red Hat Enterprise Linux 6 is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • comment java-1.8.0-openjdk is earlier than 1:1.8.0.141-2.b16.el6_9
            oval oval:com.redhat.rhsa:tst:20171789034
          • comment java-1.8.0-openjdk is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141636002
        • AND
          • comment java-1.8.0-openjdk-debug is earlier than 1:1.8.0.141-2.b16.el6_9
            oval oval:com.redhat.rhsa:tst:20171789035
          • comment java-1.8.0-openjdk-debug is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20151919004
        • AND
          • comment java-1.8.0-openjdk-demo is earlier than 1:1.8.0.141-2.b16.el6_9
            oval oval:com.redhat.rhsa:tst:20171789036
          • comment java-1.8.0-openjdk-demo is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141636004
        • AND
          • comment java-1.8.0-openjdk-demo-debug is earlier than 1:1.8.0.141-2.b16.el6_9
            oval oval:com.redhat.rhsa:tst:20171789037
          • comment java-1.8.0-openjdk-demo-debug is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20151919008
        • AND
          • comment java-1.8.0-openjdk-devel is earlier than 1:1.8.0.141-2.b16.el6_9
            oval oval:com.redhat.rhsa:tst:20171789038
          • comment java-1.8.0-openjdk-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141636006
        • AND
          • comment java-1.8.0-openjdk-devel-debug is earlier than 1:1.8.0.141-2.b16.el6_9
            oval oval:com.redhat.rhsa:tst:20171789039
          • comment java-1.8.0-openjdk-devel-debug is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20151919012
        • AND
          • comment java-1.8.0-openjdk-headless is earlier than 1:1.8.0.141-2.b16.el6_9
            oval oval:com.redhat.rhsa:tst:20171789040
          • comment java-1.8.0-openjdk-headless is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141636008
        • AND
          • comment java-1.8.0-openjdk-headless-debug is earlier than 1:1.8.0.141-2.b16.el6_9
            oval oval:com.redhat.rhsa:tst:20171789041
          • comment java-1.8.0-openjdk-headless-debug is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20151919016
        • AND
          • comment java-1.8.0-openjdk-javadoc is earlier than 1:1.8.0.141-2.b16.el6_9
            oval oval:com.redhat.rhsa:tst:20171789042
          • comment java-1.8.0-openjdk-javadoc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141636010
        • AND
          • comment java-1.8.0-openjdk-javadoc-debug is earlier than 1:1.8.0.141-2.b16.el6_9
            oval oval:com.redhat.rhsa:tst:20171789043
          • comment java-1.8.0-openjdk-javadoc-debug is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20151919020
        • AND
          • comment java-1.8.0-openjdk-src is earlier than 1:1.8.0.141-2.b16.el6_9
            oval oval:com.redhat.rhsa:tst:20171789044
          • comment java-1.8.0-openjdk-src is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141636012
        • AND
          • comment java-1.8.0-openjdk-src-debug is earlier than 1:1.8.0.141-2.b16.el6_9
            oval oval:com.redhat.rhsa:tst:20171789045
          • comment java-1.8.0-openjdk-src-debug is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20151919024
    rhsa
    id RHSA-2017:1789
    released 2017-07-20
    severity Critical
    title RHSA-2017:1789: java-1.8.0-openjdk security update (Critical)
  • bugzilla
    id 1472667
    title CVE-2017-10105 Oracle JDK: unspecified vulnerability fixed in 6u161, 7u151, and 8u141 (Deployment)
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 7 is installed
        oval oval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • comment java-1.8.0-oracle is earlier than 1:1.8.0.141-1jpp.1.el7_3
            oval oval:com.redhat.rhsa:tst:20171790001
          • comment java-1.8.0-oracle is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20150080002
        • AND
          • comment java-1.8.0-oracle-devel is earlier than 1:1.8.0.141-1jpp.1.el7_3
            oval oval:com.redhat.rhsa:tst:20171790003
          • comment java-1.8.0-oracle-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20150080004
        • AND
          • comment java-1.8.0-oracle-javafx is earlier than 1:1.8.0.141-1jpp.1.el7_3
            oval oval:com.redhat.rhsa:tst:20171790005
          • comment java-1.8.0-oracle-javafx is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20150080006
        • AND
          • comment java-1.8.0-oracle-jdbc is earlier than 1:1.8.0.141-1jpp.1.el7_3
            oval oval:com.redhat.rhsa:tst:20171790007
          • comment java-1.8.0-oracle-jdbc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20150080008
        • AND
          • comment java-1.8.0-oracle-plugin is earlier than 1:1.8.0.141-1jpp.1.el7_3
            oval oval:com.redhat.rhsa:tst:20171790009
          • comment java-1.8.0-oracle-plugin is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20150080010
        • AND
          • comment java-1.8.0-oracle-src is earlier than 1:1.8.0.141-1jpp.1.el7_3
            oval oval:com.redhat.rhsa:tst:20171790011
          • comment java-1.8.0-oracle-src is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20150080012
    • AND
      • comment Red Hat Enterprise Linux 6 is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • comment java-1.8.0-oracle is earlier than 1:1.8.0.141-1jpp.1.el6
            oval oval:com.redhat.rhsa:tst:20171790014
          • comment java-1.8.0-oracle is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20150080002
        • AND
          • comment java-1.8.0-oracle-devel is earlier than 1:1.8.0.141-1jpp.1.el6
            oval oval:com.redhat.rhsa:tst:20171790015
          • comment java-1.8.0-oracle-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20150080004
        • AND
          • comment java-1.8.0-oracle-javafx is earlier than 1:1.8.0.141-1jpp.1.el6
            oval oval:com.redhat.rhsa:tst:20171790016
          • comment java-1.8.0-oracle-javafx is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20150080006
        • AND
          • comment java-1.8.0-oracle-jdbc is earlier than 1:1.8.0.141-1jpp.1.el6
            oval oval:com.redhat.rhsa:tst:20171790017
          • comment java-1.8.0-oracle-jdbc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20150080008
        • AND
          • comment java-1.8.0-oracle-plugin is earlier than 1:1.8.0.141-1jpp.1.el6
            oval oval:com.redhat.rhsa:tst:20171790018
          • comment java-1.8.0-oracle-plugin is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20150080010
        • AND
          • comment java-1.8.0-oracle-src is earlier than 1:1.8.0.141-1jpp.1.el6
            oval oval:com.redhat.rhsa:tst:20171790019
          • comment java-1.8.0-oracle-src is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20150080012
    rhsa
    id RHSA-2017:1790
    released 2017-07-20
    severity Critical
    title RHSA-2017:1790: java-1.8.0-oracle security update (Critical)
  • bugzilla
    id 1472667
    title CVE-2017-10105 Oracle JDK: unspecified vulnerability fixed in 6u161, 7u151, and 8u141 (Deployment)
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 7 is installed
        oval oval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • comment java-1.7.0-oracle is earlier than 1:1.7.0.151-1jpp.1.el7_3
            oval oval:com.redhat.rhsa:tst:20171791001
          • comment java-1.7.0-oracle is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140413015
        • AND
          • comment java-1.7.0-oracle-devel is earlier than 1:1.7.0.151-1jpp.1.el7_3
            oval oval:com.redhat.rhsa:tst:20171791003
          • comment java-1.7.0-oracle-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140413017
        • AND
          • comment java-1.7.0-oracle-javafx is earlier than 1:1.7.0.151-1jpp.1.el7_3
            oval oval:com.redhat.rhsa:tst:20171791005
          • comment java-1.7.0-oracle-javafx is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140413019
        • AND
          • comment java-1.7.0-oracle-jdbc is earlier than 1:1.7.0.151-1jpp.1.el7_3
            oval oval:com.redhat.rhsa:tst:20171791007
          • comment java-1.7.0-oracle-jdbc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140413021
        • AND
          • comment java-1.7.0-oracle-plugin is earlier than 1:1.7.0.151-1jpp.1.el7_3
            oval oval:com.redhat.rhsa:tst:20171791009
          • comment java-1.7.0-oracle-plugin is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140413023
        • AND
          • comment java-1.7.0-oracle-src is earlier than 1:1.7.0.151-1jpp.1.el7_3
            oval oval:com.redhat.rhsa:tst:20171791011
          • comment java-1.7.0-oracle-src is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140413025
    • AND
      • comment Red Hat Enterprise Linux 6 is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • comment java-1.7.0-oracle is earlier than 1:1.7.0.151-1jpp.1.el6
            oval oval:com.redhat.rhsa:tst:20171791014
          • comment java-1.7.0-oracle is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140413015
        • AND
          • comment java-1.7.0-oracle-devel is earlier than 1:1.7.0.151-1jpp.1.el6
            oval oval:com.redhat.rhsa:tst:20171791015
          • comment java-1.7.0-oracle-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140413017
        • AND
          • comment java-1.7.0-oracle-javafx is earlier than 1:1.7.0.151-1jpp.1.el6
            oval oval:com.redhat.rhsa:tst:20171791016
          • comment java-1.7.0-oracle-javafx is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140413019
        • AND
          • comment java-1.7.0-oracle-jdbc is earlier than 1:1.7.0.151-1jpp.1.el6
            oval oval:com.redhat.rhsa:tst:20171791017
          • comment java-1.7.0-oracle-jdbc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140413021
        • AND
          • comment java-1.7.0-oracle-plugin is earlier than 1:1.7.0.151-1jpp.1.el6
            oval oval:com.redhat.rhsa:tst:20171791018
          • comment java-1.7.0-oracle-plugin is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140413023
        • AND
          • comment java-1.7.0-oracle-src is earlier than 1:1.7.0.151-1jpp.1.el6
            oval oval:com.redhat.rhsa:tst:20171791019
          • comment java-1.7.0-oracle-src is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140413025
    rhsa
    id RHSA-2017:1791
    released 2017-07-20
    severity Critical
    title RHSA-2017:1791: java-1.7.0-oracle security update (Critical)
  • bugzilla
    id 1472667
    title CVE-2017-10105 Oracle JDK: unspecified vulnerability fixed in 6u161, 7u151, and 8u141 (Deployment)
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 7 is installed
        oval oval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • comment java-1.6.0-sun is earlier than 1:1.6.0.161-1jpp.3.el7_3
            oval oval:com.redhat.rhsa:tst:20171792001
          • comment java-1.6.0-sun is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140414015
        • AND
          • comment java-1.6.0-sun-demo is earlier than 1:1.6.0.161-1jpp.3.el7_3
            oval oval:com.redhat.rhsa:tst:20171792003
          • comment java-1.6.0-sun-demo is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140414017
        • AND
          • comment java-1.6.0-sun-devel is earlier than 1:1.6.0.161-1jpp.3.el7_3
            oval oval:com.redhat.rhsa:tst:20171792005
          • comment java-1.6.0-sun-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140414019
        • AND
          • comment java-1.6.0-sun-jdbc is earlier than 1:1.6.0.161-1jpp.3.el7_3
            oval oval:com.redhat.rhsa:tst:20171792007
          • comment java-1.6.0-sun-jdbc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140414021
        • AND
          • comment java-1.6.0-sun-plugin is earlier than 1:1.6.0.161-1jpp.3.el7_3
            oval oval:com.redhat.rhsa:tst:20171792009
          • comment java-1.6.0-sun-plugin is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140414023
        • AND
          • comment java-1.6.0-sun-src is earlier than 1:1.6.0.161-1jpp.3.el7_3
            oval oval:com.redhat.rhsa:tst:20171792011
          • comment java-1.6.0-sun-src is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140414025
    • AND
      • comment Red Hat Enterprise Linux 6 is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • comment java-1.6.0-sun is earlier than 1:1.6.0.161-1jpp.1.el6
            oval oval:com.redhat.rhsa:tst:20171792014
          • comment java-1.6.0-sun is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140414015
        • AND
          • comment java-1.6.0-sun-demo is earlier than 1:1.6.0.161-1jpp.1.el6
            oval oval:com.redhat.rhsa:tst:20171792015
          • comment java-1.6.0-sun-demo is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140414017
        • AND
          • comment java-1.6.0-sun-devel is earlier than 1:1.6.0.161-1jpp.1.el6
            oval oval:com.redhat.rhsa:tst:20171792016
          • comment java-1.6.0-sun-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140414019
        • AND
          • comment java-1.6.0-sun-jdbc is earlier than 1:1.6.0.161-1jpp.1.el6
            oval oval:com.redhat.rhsa:tst:20171792017
          • comment java-1.6.0-sun-jdbc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140414021
        • AND
          • comment java-1.6.0-sun-plugin is earlier than 1:1.6.0.161-1jpp.1.el6
            oval oval:com.redhat.rhsa:tst:20171792018
          • comment java-1.6.0-sun-plugin is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140414023
        • AND
          • comment java-1.6.0-sun-src is earlier than 1:1.6.0.161-1jpp.1.el6
            oval oval:com.redhat.rhsa:tst:20171792019
          • comment java-1.6.0-sun-src is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140414025
    rhsa
    id RHSA-2017:1792
    released 2017-07-20
    severity Critical
    title RHSA-2017:1792: java-1.6.0-sun security update (Critical)
  • bugzilla
    id 1472666
    title CVE-2017-10243 OpenJDK: insecure XML parsing in wsdlimport (JAX-WS, 8182054)
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 6 is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • comment java-1.7.0-openjdk is earlier than 1:1.7.0.151-2.6.11.0.el6_9
            oval oval:com.redhat.rhsa:tst:20172424001
          • comment java-1.7.0-openjdk is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121009002
        • AND
          • comment java-1.7.0-openjdk-demo is earlier than 1:1.7.0.151-2.6.11.0.el6_9
            oval oval:com.redhat.rhsa:tst:20172424003
          • comment java-1.7.0-openjdk-demo is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121009004
        • AND
          • comment java-1.7.0-openjdk-devel is earlier than 1:1.7.0.151-2.6.11.0.el6_9
            oval oval:com.redhat.rhsa:tst:20172424005
          • comment java-1.7.0-openjdk-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121009006
        • AND
          • comment java-1.7.0-openjdk-javadoc is earlier than 1:1.7.0.151-2.6.11.0.el6_9
            oval oval:com.redhat.rhsa:tst:20172424007
          • comment java-1.7.0-openjdk-javadoc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121009008
        • AND
          • comment java-1.7.0-openjdk-src is earlier than 1:1.7.0.151-2.6.11.0.el6_9
            oval oval:com.redhat.rhsa:tst:20172424009
          • comment java-1.7.0-openjdk-src is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121009010
    • AND
      • comment Red Hat Enterprise Linux 7 is installed
        oval oval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • comment java-1.7.0-openjdk is earlier than 1:1.7.0.151-2.6.11.1.el7_4
            oval oval:com.redhat.rhsa:tst:20172424012
          • comment java-1.7.0-openjdk is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121009002
        • AND
          • comment java-1.7.0-openjdk-accessibility is earlier than 1:1.7.0.151-2.6.11.1.el7_4
            oval oval:com.redhat.rhsa:tst:20172424013
          • comment java-1.7.0-openjdk-accessibility is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140675004
        • AND
          • comment java-1.7.0-openjdk-demo is earlier than 1:1.7.0.151-2.6.11.1.el7_4
            oval oval:com.redhat.rhsa:tst:20172424015
          • comment java-1.7.0-openjdk-demo is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121009004
        • AND
          • comment java-1.7.0-openjdk-devel is earlier than 1:1.7.0.151-2.6.11.1.el7_4
            oval oval:com.redhat.rhsa:tst:20172424016
          • comment java-1.7.0-openjdk-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121009006
        • AND
          • comment java-1.7.0-openjdk-headless is earlier than 1:1.7.0.151-2.6.11.1.el7_4
            oval oval:com.redhat.rhsa:tst:20172424017
          • comment java-1.7.0-openjdk-headless is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140675010
        • AND
          • comment java-1.7.0-openjdk-javadoc is earlier than 1:1.7.0.151-2.6.11.1.el7_4
            oval oval:com.redhat.rhsa:tst:20172424019
          • comment java-1.7.0-openjdk-javadoc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121009008
        • AND
          • comment java-1.7.0-openjdk-src is earlier than 1:1.7.0.151-2.6.11.1.el7_4
            oval oval:com.redhat.rhsa:tst:20172424020
          • comment java-1.7.0-openjdk-src is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121009010
    rhsa
    id RHSA-2017:2424
    released 2017-08-07
    severity Critical
    title RHSA-2017:2424: java-1.7.0-openjdk security update (Critical)
  • rhsa
    id RHSA-2017:2469
  • rhsa
    id RHSA-2017:2481
  • rhsa
    id RHSA-2017:2530
  • rhsa
    id RHSA-2017:3453
rpms
  • java-1.8.0-openjdk-1:1.8.0.141-1.b16.el7_3
  • java-1.8.0-openjdk-1:1.8.0.141-2.b16.el6_9
  • java-1.8.0-openjdk-accessibility-1:1.8.0.141-1.b16.el7_3
  • java-1.8.0-openjdk-accessibility-debug-1:1.8.0.141-1.b16.el7_3
  • java-1.8.0-openjdk-debug-1:1.8.0.141-1.b16.el7_3
  • java-1.8.0-openjdk-debug-1:1.8.0.141-2.b16.el6_9
  • java-1.8.0-openjdk-debuginfo-1:1.8.0.141-1.b16.el7_3
  • java-1.8.0-openjdk-debuginfo-1:1.8.0.141-2.b16.el6_9
  • java-1.8.0-openjdk-demo-1:1.8.0.141-1.b16.el7_3
  • java-1.8.0-openjdk-demo-1:1.8.0.141-2.b16.el6_9
  • java-1.8.0-openjdk-demo-debug-1:1.8.0.141-1.b16.el7_3
  • java-1.8.0-openjdk-demo-debug-1:1.8.0.141-2.b16.el6_9
  • java-1.8.0-openjdk-devel-1:1.8.0.141-1.b16.el7_3
  • java-1.8.0-openjdk-devel-1:1.8.0.141-2.b16.el6_9
  • java-1.8.0-openjdk-devel-debug-1:1.8.0.141-1.b16.el7_3
  • java-1.8.0-openjdk-devel-debug-1:1.8.0.141-2.b16.el6_9
  • java-1.8.0-openjdk-headless-1:1.8.0.141-1.b16.el7_3
  • java-1.8.0-openjdk-headless-1:1.8.0.141-2.b16.el6_9
  • java-1.8.0-openjdk-headless-debug-1:1.8.0.141-1.b16.el7_3
  • java-1.8.0-openjdk-headless-debug-1:1.8.0.141-2.b16.el6_9
  • java-1.8.0-openjdk-javadoc-1:1.8.0.141-1.b16.el7_3
  • java-1.8.0-openjdk-javadoc-1:1.8.0.141-2.b16.el6_9
  • java-1.8.0-openjdk-javadoc-debug-1:1.8.0.141-1.b16.el7_3
  • java-1.8.0-openjdk-javadoc-debug-1:1.8.0.141-2.b16.el6_9
  • java-1.8.0-openjdk-javadoc-zip-1:1.8.0.141-1.b16.el7_3
  • java-1.8.0-openjdk-javadoc-zip-debug-1:1.8.0.141-1.b16.el7_3
  • java-1.8.0-openjdk-src-1:1.8.0.141-1.b16.el7_3
  • java-1.8.0-openjdk-src-1:1.8.0.141-2.b16.el6_9
  • java-1.8.0-openjdk-src-debug-1:1.8.0.141-1.b16.el7_3
  • java-1.8.0-openjdk-src-debug-1:1.8.0.141-2.b16.el6_9
  • java-1.8.0-oracle-1:1.8.0.141-1jpp.1.el6
  • java-1.8.0-oracle-1:1.8.0.141-1jpp.1.el7_3
  • java-1.8.0-oracle-devel-1:1.8.0.141-1jpp.1.el6
  • java-1.8.0-oracle-devel-1:1.8.0.141-1jpp.1.el7_3
  • java-1.8.0-oracle-javafx-1:1.8.0.141-1jpp.1.el6
  • java-1.8.0-oracle-javafx-1:1.8.0.141-1jpp.1.el7_3
  • java-1.8.0-oracle-jdbc-1:1.8.0.141-1jpp.1.el6
  • java-1.8.0-oracle-jdbc-1:1.8.0.141-1jpp.1.el7_3
  • java-1.8.0-oracle-plugin-1:1.8.0.141-1jpp.1.el6
  • java-1.8.0-oracle-plugin-1:1.8.0.141-1jpp.1.el7_3
  • java-1.8.0-oracle-src-1:1.8.0.141-1jpp.1.el6
  • java-1.8.0-oracle-src-1:1.8.0.141-1jpp.1.el7_3
  • java-1.7.0-oracle-1:1.7.0.151-1jpp.1.el6
  • java-1.7.0-oracle-1:1.7.0.151-1jpp.1.el7_3
  • java-1.7.0-oracle-devel-1:1.7.0.151-1jpp.1.el6
  • java-1.7.0-oracle-devel-1:1.7.0.151-1jpp.1.el7_3
  • java-1.7.0-oracle-javafx-1:1.7.0.151-1jpp.1.el6
  • java-1.7.0-oracle-javafx-1:1.7.0.151-1jpp.1.el7_3
  • java-1.7.0-oracle-jdbc-1:1.7.0.151-1jpp.1.el6
  • java-1.7.0-oracle-jdbc-1:1.7.0.151-1jpp.1.el7_3
  • java-1.7.0-oracle-plugin-1:1.7.0.151-1jpp.1.el6
  • java-1.7.0-oracle-plugin-1:1.7.0.151-1jpp.1.el7_3
  • java-1.7.0-oracle-src-1:1.7.0.151-1jpp.1.el6
  • java-1.7.0-oracle-src-1:1.7.0.151-1jpp.1.el7_3
  • java-1.6.0-sun-1:1.6.0.161-1jpp.1.el6
  • java-1.6.0-sun-1:1.6.0.161-1jpp.3.el7_3
  • java-1.6.0-sun-demo-1:1.6.0.161-1jpp.1.el6
  • java-1.6.0-sun-demo-1:1.6.0.161-1jpp.3.el7_3
  • java-1.6.0-sun-devel-1:1.6.0.161-1jpp.1.el6
  • java-1.6.0-sun-devel-1:1.6.0.161-1jpp.3.el7_3
  • java-1.6.0-sun-jdbc-1:1.6.0.161-1jpp.1.el6
  • java-1.6.0-sun-jdbc-1:1.6.0.161-1jpp.3.el7_3
  • java-1.6.0-sun-plugin-1:1.6.0.161-1jpp.1.el6
  • java-1.6.0-sun-plugin-1:1.6.0.161-1jpp.3.el7_3
  • java-1.6.0-sun-src-1:1.6.0.161-1jpp.1.el6
  • java-1.6.0-sun-src-1:1.6.0.161-1jpp.3.el7_3
  • java-1.7.0-openjdk-1:1.7.0.151-2.6.11.0.el6_9
  • java-1.7.0-openjdk-1:1.7.0.151-2.6.11.1.el7_4
  • java-1.7.0-openjdk-accessibility-1:1.7.0.151-2.6.11.1.el7_4
  • java-1.7.0-openjdk-debuginfo-1:1.7.0.151-2.6.11.0.el6_9
  • java-1.7.0-openjdk-debuginfo-1:1.7.0.151-2.6.11.1.el7_4
  • java-1.7.0-openjdk-demo-1:1.7.0.151-2.6.11.0.el6_9
  • java-1.7.0-openjdk-demo-1:1.7.0.151-2.6.11.1.el7_4
  • java-1.7.0-openjdk-devel-1:1.7.0.151-2.6.11.0.el6_9
  • java-1.7.0-openjdk-devel-1:1.7.0.151-2.6.11.1.el7_4
  • java-1.7.0-openjdk-headless-1:1.7.0.151-2.6.11.1.el7_4
  • java-1.7.0-openjdk-javadoc-1:1.7.0.151-2.6.11.0.el6_9
  • java-1.7.0-openjdk-javadoc-1:1.7.0.151-2.6.11.1.el7_4
  • java-1.7.0-openjdk-src-1:1.7.0.151-2.6.11.0.el6_9
  • java-1.7.0-openjdk-src-1:1.7.0.151-2.6.11.1.el7_4
  • java-1.8.0-ibm-1:1.8.0.4.10-1jpp.1.el6_9
  • java-1.8.0-ibm-1:1.8.0.4.10-1jpp.3.el7
  • java-1.8.0-ibm-demo-1:1.8.0.4.10-1jpp.1.el6_9
  • java-1.8.0-ibm-demo-1:1.8.0.4.10-1jpp.3.el7
  • java-1.8.0-ibm-devel-1:1.8.0.4.10-1jpp.1.el6_9
  • java-1.8.0-ibm-devel-1:1.8.0.4.10-1jpp.3.el7
  • java-1.8.0-ibm-jdbc-1:1.8.0.4.10-1jpp.1.el6_9
  • java-1.8.0-ibm-jdbc-1:1.8.0.4.10-1jpp.3.el7
  • java-1.8.0-ibm-plugin-1:1.8.0.4.10-1jpp.1.el6_9
  • java-1.8.0-ibm-plugin-1:1.8.0.4.10-1jpp.3.el7
  • java-1.8.0-ibm-src-1:1.8.0.4.10-1jpp.1.el6_9
  • java-1.8.0-ibm-src-1:1.8.0.4.10-1jpp.3.el7
  • java-1.7.1-ibm-1:1.7.1.4.10-1jpp.2.el6_9
  • java-1.7.1-ibm-1:1.7.1.4.10-1jpp.3.el7
  • java-1.7.1-ibm-demo-1:1.7.1.4.10-1jpp.2.el6_9
  • java-1.7.1-ibm-demo-1:1.7.1.4.10-1jpp.3.el7
  • java-1.7.1-ibm-devel-1:1.7.1.4.10-1jpp.2.el6_9
  • java-1.7.1-ibm-devel-1:1.7.1.4.10-1jpp.3.el7
  • java-1.7.1-ibm-jdbc-1:1.7.1.4.10-1jpp.2.el6_9
  • java-1.7.1-ibm-jdbc-1:1.7.1.4.10-1jpp.3.el7
  • java-1.7.1-ibm-plugin-1:1.7.1.4.10-1jpp.2.el6_9
  • java-1.7.1-ibm-plugin-1:1.7.1.4.10-1jpp.3.el7
  • java-1.7.1-ibm-src-1:1.7.1.4.10-1jpp.2.el6_9
  • java-1.7.1-ibm-src-1:1.7.1.4.10-1jpp.3.el7
  • java-1.6.0-ibm-1:1.6.0.16.50-1jpp.1.el6_9
  • java-1.6.0-ibm-demo-1:1.6.0.16.50-1jpp.1.el6_9
  • java-1.6.0-ibm-devel-1:1.6.0.16.50-1jpp.1.el6_9
  • java-1.6.0-ibm-javacomm-1:1.6.0.16.50-1jpp.1.el6_9
  • java-1.6.0-ibm-jdbc-1:1.6.0.16.50-1jpp.1.el6_9
  • java-1.6.0-ibm-plugin-1:1.6.0.16.50-1jpp.1.el6_9
  • java-1.6.0-ibm-src-1:1.6.0.16.50-1jpp.1.el6_9
  • java-1.8.0-ibm-1:1.8.0.5.5-1jpp.1.el6_9
  • java-1.8.0-ibm-devel-1:1.8.0.5.5-1jpp.1.el6_9
refmap via4
bid 99827
confirm
debian DSA-3954
gentoo GLSA-201709-22
sectrack 1038931
Last major update 13-05-2022 - 14:57
Published 08-08-2017 - 15:29
Last modified 13-05-2022 - 14:57
Back to Top