ID CVE-2017-3544
Summary Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SMTP to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
References
Vulnerable Configurations
  • cpe:2.3:a:oracle:jrockit:r28.3.13:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:jrockit:r28.3.13:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.7.0:update_131:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.7.0:update_131:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.8.0:update_121:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.8.0:update_121:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.8.0:update121:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.8.0:update121:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.7.0:update131:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.7.0:update131:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.6.0:update141:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.6.0:update141:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.6.0:update141:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.6.0:update141:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea:1.0:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:icedtea:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea:1.1:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:icedtea:1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea:1.2:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:icedtea:1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea:1.3:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:icedtea:1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea:1.4:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:icedtea:1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea:1.5:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:icedtea:1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea:1.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:icedtea:1.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea:1.6:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:icedtea:1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea:1.7:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:icedtea:1.7:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea:1.8:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:icedtea:1.8:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea:1.9:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:icedtea:1.9:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea:1.9.1:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:icedtea:1.9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea:1.10:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:icedtea:1.10:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea:1.11:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:icedtea:1.11:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea:1.12:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:icedtea:1.12:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea:1.13:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:icedtea:1.13:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea:1.14:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:icedtea:1.14:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea:2.0:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:icedtea:2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea:2.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:icedtea:2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea:2.1:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:icedtea:2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea:2.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:icedtea:2.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea:2.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:icedtea:2.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea:2.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:icedtea:2.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea:2.1.4:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:icedtea:2.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea:2.1.5:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:icedtea:2.1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea:2.1.6:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:icedtea:2.1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea:2.1.7:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:icedtea:2.1.7:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea:2.1.8:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:icedtea:2.1.8:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea:2.1.9:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:icedtea:2.1.9:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea:2.2:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:icedtea:2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea:2.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:icedtea:2.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea:2.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:icedtea:2.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea:2.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:icedtea:2.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea:2.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:icedtea:2.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea:2.2.5:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:icedtea:2.2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea:2.2.6:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:icedtea:2.2.6:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea:2.2.7:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:icedtea:2.2.7:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea:2.2.8:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:icedtea:2.2.8:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea:2.2.9:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:icedtea:2.2.9:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea:2.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:icedtea:2.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea:2.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:icedtea:2.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea:2.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:icedtea:2.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea:2.3.4:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:icedtea:2.3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea:2.3.6:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:icedtea:2.3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea:2.3.7:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:icedtea:2.3.7:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea:2.3.8:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:icedtea:2.3.8:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea:2.3.9:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:icedtea:2.3.9:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea:2.3.10:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:icedtea:2.3.10:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea:2.3.11:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:icedtea:2.3.11:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea:2.3.12:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:icedtea:2.3.12:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea:2.3.13:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:icedtea:2.3.13:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea:2.3.14:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:icedtea:2.3.14:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea:2.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:icedtea:2.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea:2.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:icedtea:2.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea:2.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:icedtea:2.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea:2.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:icedtea:2.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea:2.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:icedtea:2.4.4:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea:2.4.5:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:icedtea:2.4.5:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea:2.4.6:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:icedtea:2.4.6:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea:2.4.7:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:icedtea:2.4.7:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea:2.4.8:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:icedtea:2.4.8:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea:2.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:icedtea:2.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea:2.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:icedtea:2.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea:2.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:icedtea:2.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea:2.5.3:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:icedtea:2.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea:2.5.4:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:icedtea:2.5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea:2.5.5:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:icedtea:2.5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea:2.5.6:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:icedtea:2.5.6:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea:2.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:icedtea:2.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea:2.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:icedtea:2.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea:2.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:icedtea:2.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea:2.6.3:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:icedtea:2.6.3:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea:2.6.4:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:icedtea:2.6.4:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea:2.6.5:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:icedtea:2.6.5:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea:2.6.6:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:icedtea:2.6.6:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea:2.6.7:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:icedtea:2.6.7:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea:2.6.8:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:icedtea:2.6.8:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea:2.6.9:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:icedtea:2.6.9:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea:2.6.10:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:icedtea:2.6.10:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea:2.6.11:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:icedtea:2.6.11:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea:2.6.12:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:icedtea:2.6.12:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea:2.6.13:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:icedtea:2.6.13:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea:2.6.14:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:icedtea:2.6.14:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea:2.6.15:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:icedtea:2.6.15:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea:2.6.16:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:icedtea:2.6.16:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea:2.6.17:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:icedtea:2.6.17:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea:2.6.18:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:icedtea:2.6.18:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea:3.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:icedtea:3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea:3.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:icedtea:3.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea:3.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:icedtea:3.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea:3.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:icedtea:3.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea:3.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:icedtea:3.3.0:*:*:*:*:*:*:*
  • cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*
    cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*
  • cpe:2.3:o:google:android:5.0.2:*:*:*:*:*:*:*
    cpe:2.3:o:google:android:5.0.2:*:*:*:*:*:*:*
  • cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*
    cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*
  • cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*
    cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:google:android:4.4.4:*:*:*:*:*:*:*
    cpe:2.3:o:google:android:4.4.4:*:*:*:*:*:*:*
  • cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*
    cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*
  • cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*
    cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 13-05-2022 - 14:52)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:P/A:N
redhat via4
advisories
  • bugzilla
    id 1443252
    title CVE-2017-3526 OpenJDK: incomplete XML parse tree size enforcement (JAXP, 8169011)
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 7 is installed
        oval oval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • comment java-1.8.0-openjdk is earlier than 1:1.8.0.131-2.b11.el7_3
            oval oval:com.redhat.rhsa:tst:20171108001
          • comment java-1.8.0-openjdk is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141636002
        • AND
          • comment java-1.8.0-openjdk-accessibility is earlier than 1:1.8.0.131-2.b11.el7_3
            oval oval:com.redhat.rhsa:tst:20171108003
          • comment java-1.8.0-openjdk-accessibility is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20150809016
        • AND
          • comment java-1.8.0-openjdk-accessibility-debug is earlier than 1:1.8.0.131-2.b11.el7_3
            oval oval:com.redhat.rhsa:tst:20171108005
          • comment java-1.8.0-openjdk-accessibility-debug is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20160049006
        • AND
          • comment java-1.8.0-openjdk-debug is earlier than 1:1.8.0.131-2.b11.el7_3
            oval oval:com.redhat.rhsa:tst:20171108007
          • comment java-1.8.0-openjdk-debug is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20151919004
        • AND
          • comment java-1.8.0-openjdk-demo is earlier than 1:1.8.0.131-2.b11.el7_3
            oval oval:com.redhat.rhsa:tst:20171108009
          • comment java-1.8.0-openjdk-demo is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141636004
        • AND
          • comment java-1.8.0-openjdk-demo-debug is earlier than 1:1.8.0.131-2.b11.el7_3
            oval oval:com.redhat.rhsa:tst:20171108011
          • comment java-1.8.0-openjdk-demo-debug is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20151919008
        • AND
          • comment java-1.8.0-openjdk-devel is earlier than 1:1.8.0.131-2.b11.el7_3
            oval oval:com.redhat.rhsa:tst:20171108013
          • comment java-1.8.0-openjdk-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141636006
        • AND
          • comment java-1.8.0-openjdk-devel-debug is earlier than 1:1.8.0.131-2.b11.el7_3
            oval oval:com.redhat.rhsa:tst:20171108015
          • comment java-1.8.0-openjdk-devel-debug is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20151919012
        • AND
          • comment java-1.8.0-openjdk-headless is earlier than 1:1.8.0.131-2.b11.el7_3
            oval oval:com.redhat.rhsa:tst:20171108017
          • comment java-1.8.0-openjdk-headless is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141636008
        • AND
          • comment java-1.8.0-openjdk-headless-debug is earlier than 1:1.8.0.131-2.b11.el7_3
            oval oval:com.redhat.rhsa:tst:20171108019
          • comment java-1.8.0-openjdk-headless-debug is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20151919016
        • AND
          • comment java-1.8.0-openjdk-javadoc is earlier than 1:1.8.0.131-2.b11.el7_3
            oval oval:com.redhat.rhsa:tst:20171108021
          • comment java-1.8.0-openjdk-javadoc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141636010
        • AND
          • comment java-1.8.0-openjdk-javadoc-debug is earlier than 1:1.8.0.131-2.b11.el7_3
            oval oval:com.redhat.rhsa:tst:20171108023
          • comment java-1.8.0-openjdk-javadoc-debug is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20151919020
        • AND
          • comment java-1.8.0-openjdk-javadoc-zip is earlier than 1:1.8.0.131-2.b11.el7_3
            oval oval:com.redhat.rhsa:tst:20171108025
          • comment java-1.8.0-openjdk-javadoc-zip is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20170180041
        • AND
          • comment java-1.8.0-openjdk-javadoc-zip-debug is earlier than 1:1.8.0.131-2.b11.el7_3
            oval oval:com.redhat.rhsa:tst:20171108027
          • comment java-1.8.0-openjdk-javadoc-zip-debug is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20170180043
        • AND
          • comment java-1.8.0-openjdk-src is earlier than 1:1.8.0.131-2.b11.el7_3
            oval oval:com.redhat.rhsa:tst:20171108029
          • comment java-1.8.0-openjdk-src is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141636012
        • AND
          • comment java-1.8.0-openjdk-src-debug is earlier than 1:1.8.0.131-2.b11.el7_3
            oval oval:com.redhat.rhsa:tst:20171108031
          • comment java-1.8.0-openjdk-src-debug is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20151919024
    rhsa
    id RHSA-2017:1108
    released 2017-04-21
    severity Moderate
    title RHSA-2017:1108: java-1.8.0-openjdk security and bug fix update (Moderate)
  • bugzilla
    id 1443252
    title CVE-2017-3526 OpenJDK: incomplete XML parse tree size enforcement (JAXP, 8169011)
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 6 is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • comment java-1.8.0-openjdk is earlier than 1:1.8.0.131-0.b11.el6_9
            oval oval:com.redhat.rhsa:tst:20171109001
          • comment java-1.8.0-openjdk is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141636002
        • AND
          • comment java-1.8.0-openjdk-debug is earlier than 1:1.8.0.131-0.b11.el6_9
            oval oval:com.redhat.rhsa:tst:20171109003
          • comment java-1.8.0-openjdk-debug is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20151919004
        • AND
          • comment java-1.8.0-openjdk-demo is earlier than 1:1.8.0.131-0.b11.el6_9
            oval oval:com.redhat.rhsa:tst:20171109005
          • comment java-1.8.0-openjdk-demo is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141636004
        • AND
          • comment java-1.8.0-openjdk-demo-debug is earlier than 1:1.8.0.131-0.b11.el6_9
            oval oval:com.redhat.rhsa:tst:20171109007
          • comment java-1.8.0-openjdk-demo-debug is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20151919008
        • AND
          • comment java-1.8.0-openjdk-devel is earlier than 1:1.8.0.131-0.b11.el6_9
            oval oval:com.redhat.rhsa:tst:20171109009
          • comment java-1.8.0-openjdk-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141636006
        • AND
          • comment java-1.8.0-openjdk-devel-debug is earlier than 1:1.8.0.131-0.b11.el6_9
            oval oval:com.redhat.rhsa:tst:20171109011
          • comment java-1.8.0-openjdk-devel-debug is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20151919012
        • AND
          • comment java-1.8.0-openjdk-headless is earlier than 1:1.8.0.131-0.b11.el6_9
            oval oval:com.redhat.rhsa:tst:20171109013
          • comment java-1.8.0-openjdk-headless is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141636008
        • AND
          • comment java-1.8.0-openjdk-headless-debug is earlier than 1:1.8.0.131-0.b11.el6_9
            oval oval:com.redhat.rhsa:tst:20171109015
          • comment java-1.8.0-openjdk-headless-debug is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20151919016
        • AND
          • comment java-1.8.0-openjdk-javadoc is earlier than 1:1.8.0.131-0.b11.el6_9
            oval oval:com.redhat.rhsa:tst:20171109017
          • comment java-1.8.0-openjdk-javadoc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141636010
        • AND
          • comment java-1.8.0-openjdk-javadoc-debug is earlier than 1:1.8.0.131-0.b11.el6_9
            oval oval:com.redhat.rhsa:tst:20171109019
          • comment java-1.8.0-openjdk-javadoc-debug is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20151919020
        • AND
          • comment java-1.8.0-openjdk-src is earlier than 1:1.8.0.131-0.b11.el6_9
            oval oval:com.redhat.rhsa:tst:20171109021
          • comment java-1.8.0-openjdk-src is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141636012
        • AND
          • comment java-1.8.0-openjdk-src-debug is earlier than 1:1.8.0.131-0.b11.el6_9
            oval oval:com.redhat.rhsa:tst:20171109023
          • comment java-1.8.0-openjdk-src-debug is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20151919024
    rhsa
    id RHSA-2017:1109
    released 2017-04-20
    severity Moderate
    title RHSA-2017:1109: java-1.8.0-openjdk security update (Moderate)
  • bugzilla
    id 1443252
    title CVE-2017-3526 OpenJDK: incomplete XML parse tree size enforcement (JAXP, 8169011)
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 7 is installed
        oval oval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • comment java-1.8.0-oracle is earlier than 1:1.8.0.131-1jpp.1.el7_3
            oval oval:com.redhat.rhsa:tst:20171117001
          • comment java-1.8.0-oracle is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20150080002
        • AND
          • comment java-1.8.0-oracle-devel is earlier than 1:1.8.0.131-1jpp.1.el7_3
            oval oval:com.redhat.rhsa:tst:20171117003
          • comment java-1.8.0-oracle-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20150080004
        • AND
          • comment java-1.8.0-oracle-javafx is earlier than 1:1.8.0.131-1jpp.1.el7_3
            oval oval:com.redhat.rhsa:tst:20171117005
          • comment java-1.8.0-oracle-javafx is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20150080006
        • AND
          • comment java-1.8.0-oracle-jdbc is earlier than 1:1.8.0.131-1jpp.1.el7_3
            oval oval:com.redhat.rhsa:tst:20171117007
          • comment java-1.8.0-oracle-jdbc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20150080008
        • AND
          • comment java-1.8.0-oracle-plugin is earlier than 1:1.8.0.131-1jpp.1.el7_3
            oval oval:com.redhat.rhsa:tst:20171117009
          • comment java-1.8.0-oracle-plugin is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20150080010
        • AND
          • comment java-1.8.0-oracle-src is earlier than 1:1.8.0.131-1jpp.1.el7_3
            oval oval:com.redhat.rhsa:tst:20171117011
          • comment java-1.8.0-oracle-src is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20150080012
    • AND
      • comment Red Hat Enterprise Linux 6 is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • comment java-1.8.0-oracle is earlier than 1:1.8.0.131-1jpp.1.el6
            oval oval:com.redhat.rhsa:tst:20171117014
          • comment java-1.8.0-oracle is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20150080002
        • AND
          • comment java-1.8.0-oracle-devel is earlier than 1:1.8.0.131-1jpp.1.el6
            oval oval:com.redhat.rhsa:tst:20171117015
          • comment java-1.8.0-oracle-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20150080004
        • AND
          • comment java-1.8.0-oracle-javafx is earlier than 1:1.8.0.131-1jpp.1.el6
            oval oval:com.redhat.rhsa:tst:20171117016
          • comment java-1.8.0-oracle-javafx is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20150080006
        • AND
          • comment java-1.8.0-oracle-jdbc is earlier than 1:1.8.0.131-1jpp.1.el6
            oval oval:com.redhat.rhsa:tst:20171117017
          • comment java-1.8.0-oracle-jdbc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20150080008
        • AND
          • comment java-1.8.0-oracle-plugin is earlier than 1:1.8.0.131-1jpp.1.el6
            oval oval:com.redhat.rhsa:tst:20171117018
          • comment java-1.8.0-oracle-plugin is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20150080010
        • AND
          • comment java-1.8.0-oracle-src is earlier than 1:1.8.0.131-1jpp.1.el6
            oval oval:com.redhat.rhsa:tst:20171117019
          • comment java-1.8.0-oracle-src is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20150080012
    rhsa
    id RHSA-2017:1117
    released 2017-04-24
    severity Moderate
    title RHSA-2017:1117: java-1.8.0-oracle security update (Moderate)
  • bugzilla
    id 1443252
    title CVE-2017-3526 OpenJDK: incomplete XML parse tree size enforcement (JAXP, 8169011)
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 7 is installed
        oval oval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • comment java-1.7.0-oracle is earlier than 1:1.7.0.141-1jpp.1.el7_3
            oval oval:com.redhat.rhsa:tst:20171118001
          • comment java-1.7.0-oracle is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140413015
        • AND
          • comment java-1.7.0-oracle-devel is earlier than 1:1.7.0.141-1jpp.1.el7_3
            oval oval:com.redhat.rhsa:tst:20171118003
          • comment java-1.7.0-oracle-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140413017
        • AND
          • comment java-1.7.0-oracle-javafx is earlier than 1:1.7.0.141-1jpp.1.el7_3
            oval oval:com.redhat.rhsa:tst:20171118005
          • comment java-1.7.0-oracle-javafx is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140413019
        • AND
          • comment java-1.7.0-oracle-jdbc is earlier than 1:1.7.0.141-1jpp.1.el7_3
            oval oval:com.redhat.rhsa:tst:20171118007
          • comment java-1.7.0-oracle-jdbc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140413021
        • AND
          • comment java-1.7.0-oracle-plugin is earlier than 1:1.7.0.141-1jpp.1.el7_3
            oval oval:com.redhat.rhsa:tst:20171118009
          • comment java-1.7.0-oracle-plugin is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140413023
        • AND
          • comment java-1.7.0-oracle-src is earlier than 1:1.7.0.141-1jpp.1.el7_3
            oval oval:com.redhat.rhsa:tst:20171118011
          • comment java-1.7.0-oracle-src is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140413025
    • AND
      • comment Red Hat Enterprise Linux 6 is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • comment java-1.7.0-oracle is earlier than 1:1.7.0.141-1jpp.1.el6
            oval oval:com.redhat.rhsa:tst:20171118014
          • comment java-1.7.0-oracle is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140413015
        • AND
          • comment java-1.7.0-oracle-devel is earlier than 1:1.7.0.141-1jpp.1.el6
            oval oval:com.redhat.rhsa:tst:20171118015
          • comment java-1.7.0-oracle-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140413017
        • AND
          • comment java-1.7.0-oracle-javafx is earlier than 1:1.7.0.141-1jpp.1.el6
            oval oval:com.redhat.rhsa:tst:20171118016
          • comment java-1.7.0-oracle-javafx is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140413019
        • AND
          • comment java-1.7.0-oracle-jdbc is earlier than 1:1.7.0.141-1jpp.1.el6
            oval oval:com.redhat.rhsa:tst:20171118017
          • comment java-1.7.0-oracle-jdbc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140413021
        • AND
          • comment java-1.7.0-oracle-plugin is earlier than 1:1.7.0.141-1jpp.1.el6
            oval oval:com.redhat.rhsa:tst:20171118018
          • comment java-1.7.0-oracle-plugin is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140413023
        • AND
          • comment java-1.7.0-oracle-src is earlier than 1:1.7.0.141-1jpp.1.el6
            oval oval:com.redhat.rhsa:tst:20171118019
          • comment java-1.7.0-oracle-src is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140413025
    rhsa
    id RHSA-2017:1118
    released 2017-04-24
    severity Moderate
    title RHSA-2017:1118: java-1.7.0-oracle security update (Moderate)
  • bugzilla
    id 1443252
    title CVE-2017-3526 OpenJDK: incomplete XML parse tree size enforcement (JAXP, 8169011)
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 7 is installed
        oval oval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • comment java-1.6.0-sun is earlier than 1:1.6.0.151-1jpp.1.el7_3
            oval oval:com.redhat.rhsa:tst:20171119001
          • comment java-1.6.0-sun is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140414015
        • AND
          • comment java-1.6.0-sun-demo is earlier than 1:1.6.0.151-1jpp.1.el7_3
            oval oval:com.redhat.rhsa:tst:20171119003
          • comment java-1.6.0-sun-demo is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140414017
        • AND
          • comment java-1.6.0-sun-devel is earlier than 1:1.6.0.151-1jpp.1.el7_3
            oval oval:com.redhat.rhsa:tst:20171119005
          • comment java-1.6.0-sun-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140414019
        • AND
          • comment java-1.6.0-sun-jdbc is earlier than 1:1.6.0.151-1jpp.1.el7_3
            oval oval:com.redhat.rhsa:tst:20171119007
          • comment java-1.6.0-sun-jdbc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140414021
        • AND
          • comment java-1.6.0-sun-plugin is earlier than 1:1.6.0.151-1jpp.1.el7_3
            oval oval:com.redhat.rhsa:tst:20171119009
          • comment java-1.6.0-sun-plugin is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140414023
        • AND
          • comment java-1.6.0-sun-src is earlier than 1:1.6.0.151-1jpp.1.el7_3
            oval oval:com.redhat.rhsa:tst:20171119011
          • comment java-1.6.0-sun-src is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140414025
    • AND
      • comment Red Hat Enterprise Linux 6 is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • comment java-1.6.0-sun is earlier than 1:1.6.0.151-1jpp.1.el6
            oval oval:com.redhat.rhsa:tst:20171119014
          • comment java-1.6.0-sun is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140414015
        • AND
          • comment java-1.6.0-sun-demo is earlier than 1:1.6.0.151-1jpp.1.el6
            oval oval:com.redhat.rhsa:tst:20171119015
          • comment java-1.6.0-sun-demo is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140414017
        • AND
          • comment java-1.6.0-sun-devel is earlier than 1:1.6.0.151-1jpp.1.el6
            oval oval:com.redhat.rhsa:tst:20171119016
          • comment java-1.6.0-sun-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140414019
        • AND
          • comment java-1.6.0-sun-jdbc is earlier than 1:1.6.0.151-1jpp.1.el6
            oval oval:com.redhat.rhsa:tst:20171119017
          • comment java-1.6.0-sun-jdbc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140414021
        • AND
          • comment java-1.6.0-sun-plugin is earlier than 1:1.6.0.151-1jpp.1.el6
            oval oval:com.redhat.rhsa:tst:20171119018
          • comment java-1.6.0-sun-plugin is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140414023
        • AND
          • comment java-1.6.0-sun-src is earlier than 1:1.6.0.151-1jpp.1.el6
            oval oval:com.redhat.rhsa:tst:20171119019
          • comment java-1.6.0-sun-src is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140414025
    rhsa
    id RHSA-2017:1119
    released 2017-04-24
    severity Moderate
    title RHSA-2017:1119: java-1.6.0-sun security update (Moderate)
  • bugzilla
    id 1443252
    title CVE-2017-3526 OpenJDK: incomplete XML parse tree size enforcement (JAXP, 8169011)
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 7 is installed
        oval oval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • comment java-1.7.0-openjdk is earlier than 1:1.7.0.141-2.6.10.1.el7_3
            oval oval:com.redhat.rhsa:tst:20171204001
          • comment java-1.7.0-openjdk is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121009002
        • AND
          • comment java-1.7.0-openjdk-accessibility is earlier than 1:1.7.0.141-2.6.10.1.el7_3
            oval oval:com.redhat.rhsa:tst:20171204003
          • comment java-1.7.0-openjdk-accessibility is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140675004
        • AND
          • comment java-1.7.0-openjdk-demo is earlier than 1:1.7.0.141-2.6.10.1.el7_3
            oval oval:com.redhat.rhsa:tst:20171204005
          • comment java-1.7.0-openjdk-demo is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121009004
        • AND
          • comment java-1.7.0-openjdk-devel is earlier than 1:1.7.0.141-2.6.10.1.el7_3
            oval oval:com.redhat.rhsa:tst:20171204007
          • comment java-1.7.0-openjdk-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121009006
        • AND
          • comment java-1.7.0-openjdk-headless is earlier than 1:1.7.0.141-2.6.10.1.el7_3
            oval oval:com.redhat.rhsa:tst:20171204009
          • comment java-1.7.0-openjdk-headless is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140675010
        • AND
          • comment java-1.7.0-openjdk-javadoc is earlier than 1:1.7.0.141-2.6.10.1.el7_3
            oval oval:com.redhat.rhsa:tst:20171204011
          • comment java-1.7.0-openjdk-javadoc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121009008
        • AND
          • comment java-1.7.0-openjdk-src is earlier than 1:1.7.0.141-2.6.10.1.el7_3
            oval oval:com.redhat.rhsa:tst:20171204013
          • comment java-1.7.0-openjdk-src is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121009010
    • AND
      • comment Red Hat Enterprise Linux 6 is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • comment java-1.7.0-openjdk is earlier than 1:1.7.0.141-2.6.10.1.el6_9
            oval oval:com.redhat.rhsa:tst:20171204016
          • comment java-1.7.0-openjdk is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121009002
        • AND
          • comment java-1.7.0-openjdk-demo is earlier than 1:1.7.0.141-2.6.10.1.el6_9
            oval oval:com.redhat.rhsa:tst:20171204017
          • comment java-1.7.0-openjdk-demo is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121009004
        • AND
          • comment java-1.7.0-openjdk-devel is earlier than 1:1.7.0.141-2.6.10.1.el6_9
            oval oval:com.redhat.rhsa:tst:20171204018
          • comment java-1.7.0-openjdk-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121009006
        • AND
          • comment java-1.7.0-openjdk-javadoc is earlier than 1:1.7.0.141-2.6.10.1.el6_9
            oval oval:com.redhat.rhsa:tst:20171204019
          • comment java-1.7.0-openjdk-javadoc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121009008
        • AND
          • comment java-1.7.0-openjdk-src is earlier than 1:1.7.0.141-2.6.10.1.el6_9
            oval oval:com.redhat.rhsa:tst:20171204020
          • comment java-1.7.0-openjdk-src is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121009010
    rhsa
    id RHSA-2017:1204
    released 2017-05-09
    severity Moderate
    title RHSA-2017:1204: java-1.7.0-openjdk security update (Moderate)
  • rhsa
    id RHSA-2017:1220
  • rhsa
    id RHSA-2017:1221
  • rhsa
    id RHSA-2017:1222
  • rhsa
    id RHSA-2017:3453
rpms
  • java-1.8.0-openjdk-1:1.8.0.131-2.b11.el7_3
  • java-1.8.0-openjdk-accessibility-1:1.8.0.131-2.b11.el7_3
  • java-1.8.0-openjdk-accessibility-debug-1:1.8.0.131-2.b11.el7_3
  • java-1.8.0-openjdk-debug-1:1.8.0.131-2.b11.el7_3
  • java-1.8.0-openjdk-debuginfo-1:1.8.0.131-2.b11.el7_3
  • java-1.8.0-openjdk-demo-1:1.8.0.131-2.b11.el7_3
  • java-1.8.0-openjdk-demo-debug-1:1.8.0.131-2.b11.el7_3
  • java-1.8.0-openjdk-devel-1:1.8.0.131-2.b11.el7_3
  • java-1.8.0-openjdk-devel-debug-1:1.8.0.131-2.b11.el7_3
  • java-1.8.0-openjdk-headless-1:1.8.0.131-2.b11.el7_3
  • java-1.8.0-openjdk-headless-debug-1:1.8.0.131-2.b11.el7_3
  • java-1.8.0-openjdk-javadoc-1:1.8.0.131-2.b11.el7_3
  • java-1.8.0-openjdk-javadoc-debug-1:1.8.0.131-2.b11.el7_3
  • java-1.8.0-openjdk-javadoc-zip-1:1.8.0.131-2.b11.el7_3
  • java-1.8.0-openjdk-javadoc-zip-debug-1:1.8.0.131-2.b11.el7_3
  • java-1.8.0-openjdk-src-1:1.8.0.131-2.b11.el7_3
  • java-1.8.0-openjdk-src-debug-1:1.8.0.131-2.b11.el7_3
  • java-1.8.0-openjdk-1:1.8.0.131-0.b11.el6_9
  • java-1.8.0-openjdk-debug-1:1.8.0.131-0.b11.el6_9
  • java-1.8.0-openjdk-debuginfo-1:1.8.0.131-0.b11.el6_9
  • java-1.8.0-openjdk-demo-1:1.8.0.131-0.b11.el6_9
  • java-1.8.0-openjdk-demo-debug-1:1.8.0.131-0.b11.el6_9
  • java-1.8.0-openjdk-devel-1:1.8.0.131-0.b11.el6_9
  • java-1.8.0-openjdk-devel-debug-1:1.8.0.131-0.b11.el6_9
  • java-1.8.0-openjdk-headless-1:1.8.0.131-0.b11.el6_9
  • java-1.8.0-openjdk-headless-debug-1:1.8.0.131-0.b11.el6_9
  • java-1.8.0-openjdk-javadoc-1:1.8.0.131-0.b11.el6_9
  • java-1.8.0-openjdk-javadoc-debug-1:1.8.0.131-0.b11.el6_9
  • java-1.8.0-openjdk-src-1:1.8.0.131-0.b11.el6_9
  • java-1.8.0-openjdk-src-debug-1:1.8.0.131-0.b11.el6_9
  • java-1.8.0-oracle-1:1.8.0.131-1jpp.1.el6
  • java-1.8.0-oracle-1:1.8.0.131-1jpp.1.el7_3
  • java-1.8.0-oracle-devel-1:1.8.0.131-1jpp.1.el6
  • java-1.8.0-oracle-devel-1:1.8.0.131-1jpp.1.el7_3
  • java-1.8.0-oracle-javafx-1:1.8.0.131-1jpp.1.el6
  • java-1.8.0-oracle-javafx-1:1.8.0.131-1jpp.1.el7_3
  • java-1.8.0-oracle-jdbc-1:1.8.0.131-1jpp.1.el6
  • java-1.8.0-oracle-jdbc-1:1.8.0.131-1jpp.1.el7_3
  • java-1.8.0-oracle-plugin-1:1.8.0.131-1jpp.1.el6
  • java-1.8.0-oracle-plugin-1:1.8.0.131-1jpp.1.el7_3
  • java-1.8.0-oracle-src-1:1.8.0.131-1jpp.1.el6
  • java-1.8.0-oracle-src-1:1.8.0.131-1jpp.1.el7_3
  • java-1.7.0-oracle-1:1.7.0.141-1jpp.1.el6
  • java-1.7.0-oracle-1:1.7.0.141-1jpp.1.el7_3
  • java-1.7.0-oracle-devel-1:1.7.0.141-1jpp.1.el6
  • java-1.7.0-oracle-devel-1:1.7.0.141-1jpp.1.el7_3
  • java-1.7.0-oracle-javafx-1:1.7.0.141-1jpp.1.el6
  • java-1.7.0-oracle-javafx-1:1.7.0.141-1jpp.1.el7_3
  • java-1.7.0-oracle-jdbc-1:1.7.0.141-1jpp.1.el6
  • java-1.7.0-oracle-jdbc-1:1.7.0.141-1jpp.1.el7_3
  • java-1.7.0-oracle-plugin-1:1.7.0.141-1jpp.1.el6
  • java-1.7.0-oracle-plugin-1:1.7.0.141-1jpp.1.el7_3
  • java-1.7.0-oracle-src-1:1.7.0.141-1jpp.1.el6
  • java-1.7.0-oracle-src-1:1.7.0.141-1jpp.1.el7_3
  • java-1.6.0-sun-1:1.6.0.151-1jpp.1.el6
  • java-1.6.0-sun-1:1.6.0.151-1jpp.1.el7_3
  • java-1.6.0-sun-demo-1:1.6.0.151-1jpp.1.el6
  • java-1.6.0-sun-demo-1:1.6.0.151-1jpp.1.el7_3
  • java-1.6.0-sun-devel-1:1.6.0.151-1jpp.1.el6
  • java-1.6.0-sun-devel-1:1.6.0.151-1jpp.1.el7_3
  • java-1.6.0-sun-jdbc-1:1.6.0.151-1jpp.1.el6
  • java-1.6.0-sun-jdbc-1:1.6.0.151-1jpp.1.el7_3
  • java-1.6.0-sun-plugin-1:1.6.0.151-1jpp.1.el6
  • java-1.6.0-sun-plugin-1:1.6.0.151-1jpp.1.el7_3
  • java-1.6.0-sun-src-1:1.6.0.151-1jpp.1.el6
  • java-1.6.0-sun-src-1:1.6.0.151-1jpp.1.el7_3
  • java-1.7.0-openjdk-1:1.7.0.141-2.6.10.1.el6_9
  • java-1.7.0-openjdk-1:1.7.0.141-2.6.10.1.el7_3
  • java-1.7.0-openjdk-accessibility-1:1.7.0.141-2.6.10.1.el7_3
  • java-1.7.0-openjdk-debuginfo-1:1.7.0.141-2.6.10.1.el6_9
  • java-1.7.0-openjdk-debuginfo-1:1.7.0.141-2.6.10.1.el7_3
  • java-1.7.0-openjdk-demo-1:1.7.0.141-2.6.10.1.el6_9
  • java-1.7.0-openjdk-demo-1:1.7.0.141-2.6.10.1.el7_3
  • java-1.7.0-openjdk-devel-1:1.7.0.141-2.6.10.1.el6_9
  • java-1.7.0-openjdk-devel-1:1.7.0.141-2.6.10.1.el7_3
  • java-1.7.0-openjdk-headless-1:1.7.0.141-2.6.10.1.el7_3
  • java-1.7.0-openjdk-javadoc-1:1.7.0.141-2.6.10.1.el6_9
  • java-1.7.0-openjdk-javadoc-1:1.7.0.141-2.6.10.1.el7_3
  • java-1.7.0-openjdk-src-1:1.7.0.141-2.6.10.1.el6_9
  • java-1.7.0-openjdk-src-1:1.7.0.141-2.6.10.1.el7_3
  • java-1.8.0-ibm-1:1.8.0.4.5-1jpp.1.el6_9
  • java-1.8.0-ibm-1:1.8.0.4.5-1jpp.1.el7_3
  • java-1.8.0-ibm-demo-1:1.8.0.4.5-1jpp.1.el6_9
  • java-1.8.0-ibm-demo-1:1.8.0.4.5-1jpp.1.el7_3
  • java-1.8.0-ibm-devel-1:1.8.0.4.5-1jpp.1.el6_9
  • java-1.8.0-ibm-devel-1:1.8.0.4.5-1jpp.1.el7_3
  • java-1.8.0-ibm-jdbc-1:1.8.0.4.5-1jpp.1.el6_9
  • java-1.8.0-ibm-jdbc-1:1.8.0.4.5-1jpp.1.el7_3
  • java-1.8.0-ibm-plugin-1:1.8.0.4.5-1jpp.1.el6_9
  • java-1.8.0-ibm-plugin-1:1.8.0.4.5-1jpp.1.el7_3
  • java-1.8.0-ibm-src-1:1.8.0.4.5-1jpp.1.el6_9
  • java-1.8.0-ibm-src-1:1.8.0.4.5-1jpp.1.el7_3
  • java-1.7.1-ibm-1:1.7.1.4.5-1jpp.1.el7_3
  • java-1.7.1-ibm-1:1.7.1.4.5-1jpp.2.el6_9
  • java-1.7.1-ibm-demo-1:1.7.1.4.5-1jpp.1.el7_3
  • java-1.7.1-ibm-demo-1:1.7.1.4.5-1jpp.2.el6_9
  • java-1.7.1-ibm-devel-1:1.7.1.4.5-1jpp.1.el7_3
  • java-1.7.1-ibm-devel-1:1.7.1.4.5-1jpp.2.el6_9
  • java-1.7.1-ibm-jdbc-1:1.7.1.4.5-1jpp.1.el7_3
  • java-1.7.1-ibm-jdbc-1:1.7.1.4.5-1jpp.2.el6_9
  • java-1.7.1-ibm-plugin-1:1.7.1.4.5-1jpp.1.el7_3
  • java-1.7.1-ibm-plugin-1:1.7.1.4.5-1jpp.2.el6_9
  • java-1.7.1-ibm-src-1:1.7.1.4.5-1jpp.1.el7_3
  • java-1.7.1-ibm-src-1:1.7.1.4.5-1jpp.2.el6_9
  • java-1.6.0-ibm-1:1.6.0.16.45-1jpp.1.el6_9
  • java-1.6.0-ibm-demo-1:1.6.0.16.45-1jpp.1.el6_9
  • java-1.6.0-ibm-devel-1:1.6.0.16.45-1jpp.1.el6_9
  • java-1.6.0-ibm-javacomm-1:1.6.0.16.45-1jpp.1.el6_9
  • java-1.6.0-ibm-jdbc-1:1.6.0.16.45-1jpp.1.el6_9
  • java-1.6.0-ibm-plugin-1:1.6.0.16.45-1jpp.1.el6_9
  • java-1.6.0-ibm-src-1:1.6.0.16.45-1jpp.1.el6_9
  • java-1.8.0-ibm-1:1.8.0.5.5-1jpp.1.el6_9
  • java-1.8.0-ibm-devel-1:1.8.0.5.5-1jpp.1.el6_9
refmap via4
bid 97745
confirm
debian DSA-3858
gentoo
  • GLSA-201705-03
  • GLSA-201707-01
sectrack 1038286
Last major update 13-05-2022 - 14:52
Published 24-04-2017 - 19:59
Last modified 13-05-2022 - 14:52
Back to Top