Vulnerabilities > CVE-2017-10117 - Unspecified vulnerability in Oracle Java Advanced Management Console 2.6
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
LOW Integrity impact
NONE Availability impact
NONE Summary
Vulnerability in the Java Advanced Management Console component of Oracle Java SE (subcomponent: Server). The supported version that is affected is Java Advanced Management Console: 2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Java Advanced Management Console. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java Advanced Management Console accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Nessus
NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2017-0026_OPENJDK.NASL description An update of the openjdk package has been released. last seen 2020-03-17 modified 2019-02-07 plugin id 121718 published 2019-02-07 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121718 title Photon OS 1.0: Openjdk PHSA-2017-0026 NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2017-0026_OPENJRE.NASL description An update of the openjre package has been released. last seen 2020-03-17 modified 2019-02-07 plugin id 121719 published 2019-02-07 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121719 title Photon OS 1.0: Openjre PHSA-2017-0026 NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2017-0026.NASL description An update of [openjdk,openjre,pycrypto,python3-pycrypto] packages for PhotonOS has been released. last seen 2019-02-21 modified 2019-02-07 plugin id 111875 published 2018-08-17 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=111875 title Photon OS 1.0: Openjdk / Openjre / Pycrypto / Python3 PHSA-2017-0026 (deprecated) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201709-22.NASL description The remote host is affected by the vulnerability described in GLSA-201709-22 (Oracle JDK/JRE, IcedTea: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Oracle’s JRE, JDK and IcedTea. Please review the referenced CVE identifiers for details. Impact : A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, or gain access to information. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 103450 published 2017-09-25 reporter This script is Copyright (C) 2017-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/103450 title GLSA-201709-22 : Oracle JDK/JRE, IcedTea: Multiple vulnerabilities NASL family Windows NASL id ORACLE_JAVA_CPU_JUL_2017.NASL description The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 8 Update 141, 7 Update 151, or 6 Update 161. It is, therefore, affected by multiple vulnerabilities : - An unspecified flaw exists in the 2D component that allows an unauthenticated, remote attacker to cause a denial of service condition. (CVE-2017-10053) - Multiple unspecified flaws exist in the Security component that allow an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-10067, CVE-2017-10116) - An unspecified flaw exists in the Hotspot component that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-10074) - An unspecified flaw exists in the Scripting component that allows an authenticated, remote attacker to impact confidentiality and integrity. (CVE-2017-10078) - An unspecified flaw exists in the Hotspot component that allows an unauthenticated, remote attacker to impact integrity. (CVE-2017-10081) - Multiple unspecified flaws exist in the JavaFX component that allow an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-10086, CVE-2017-10114) - Multiple unspecified flaws exist in the Libraries component that allow an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-10087, CVE-2017-10090, CVE-2017-10111) - An unspecified flaw exists in the ImageIO component that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-10089) - Multiple unspecified flaws exist in the JAXP component that allow an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-10096, CVE-2017-10101) - Multiple unspecified flaws exist in the RMI component that allow an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-10102, CVE-2017-10107) - Multiple unspecified flaws exist in the Server component of the Java Advanced Management Console that allow an authenticated, remote attacker to impact confidentiality, integrity, and availability. (CVE-2017-10104, CVE-2017-10145) - An unspecified flaw exists in the Deployment component that allows an unauthenticated, remote attacker to impact integrity. (CVE-2017-10105) - Multiple unspecified flaws exist in the Serialization component that allow an unauthenticated, remote attacker to exhaust available memory, resulting in a denial of service condition. (CVE-2017-10108, CVE-2017-10109) - An unspecified flaw exists in the AWT component that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-10110) - Multiple unspecified flaws exist in the JCE component that allow an unauthenticated, remote attacker to disclose sensitive information. (CVE-2017-10115, CVE-2017-10118, CVE-2017-10135) - An unspecified flaw exists in the Server component of the Java Advanced Management Console that allows an unauthenticated, remote attacker to disclose sensitive information. (CVE-2017-10117) - An unspecified flaw exists in the Server component of the Java Advanced Management Console that allows an unauthenticated, remote attacker to impact confidentiality and integrity. (CVE-2017-10121) - An unspecified flaw exists in the Deployment component that allows a local attacker to impact confidentiality, integrity, and availability. (CVE-2017-10125) - Multiple unspecified flaws exist in the Security component that allow an unauthenticated, remote attacker to disclose sensitive information. (CVE-2017-10176, CVE-2017-10193, CVE-2017-10198) - An unspecified flaw exists in the JAX-WS component that allows an unauthenticated, remote attacker to impact confidentiality and availability. (CVE-2017-10243) last seen 2020-06-01 modified 2020-06-02 plugin id 101843 published 2017-07-20 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/101843 title Oracle Java SE Multiple Vulnerabilities (July 2017 CPU) NASL family Misc. NASL id ORACLE_JAVA_CPU_JUL_2017_UNIX.NASL description The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 8 Update 141, 7 Update 151, or 6 Update 161. It is, therefore, affected by multiple vulnerabilities : - An unspecified flaw exists in the 2D component that allows an unauthenticated, remote attacker to cause a denial of service condition. (CVE-2017-10053) - Multiple unspecified flaws exist in the Security component that allow an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-10067, CVE-2017-10116) - An unspecified flaw exists in the Hotspot component that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-10074) - An unspecified flaw exists in the Scripting component that allows an authenticated, remote attacker to impact confidentiality and integrity. (CVE-2017-10078) - An unspecified flaw exists in the Hotspot component that allows an unauthenticated, remote attacker to impact integrity. (CVE-2017-10081) - Multiple unspecified flaws exist in the JavaFX component that allow an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-10086, CVE-2017-10114) - Multiple unspecified flaws exist in the Libraries component that allow an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-10087, CVE-2017-10090, CVE-2017-10111) - An unspecified flaw exists in the ImageIO component that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-10089) - Multiple unspecified flaws exist in the JAXP component that allow an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-10096, CVE-2017-10101) - Multiple unspecified flaws exist in the RMI component that allow an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-10102, CVE-2017-10107) - Multiple unspecified flaws exist in the Server component of the Java Advanced Management Console that allow an authenticated, remote attacker to impact confidentiality, integrity, and availability. (CVE-2017-10104, CVE-2017-10145) - An unspecified flaw exists in the Deployment component that allows an unauthenticated, remote attacker to impact integrity. (CVE-2017-10105) - Multiple unspecified flaws exist in the Serialization component that allow an unauthenticated, remote attacker to exhaust available memory, resulting in a denial of service condition. (CVE-2017-10108, CVE-2017-10109) - An unspecified flaw exists in the AWT component that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-10110) - Multiple unspecified flaws exist in the JCE component that allow an unauthenticated, remote attacker to disclose sensitive information. (CVE-2017-10115, CVE-2017-10118, CVE-2017-10135) - An unspecified flaw exists in the Server component of the Java Advanced Management Console that allows an unauthenticated, remote attacker to disclose sensitive information. (CVE-2017-10117) - An unspecified flaw exists in the Server component of the Java Advanced Management Console that allows an unauthenticated, remote attacker to impact confidentiality and integrity. (CVE-2017-10121) - An unspecified flaw exists in the Deployment component that allows a local attacker to impact confidentiality, integrity, and availability. (CVE-2017-10125) - Multiple unspecified flaws exist in the Security component that allow an unauthenticated, remote attacker to disclose sensitive information. (CVE-2017-10176, CVE-2017-10193, CVE-2017-10198) - An unspecified flaw exists in the JAX-WS component that allows an unauthenticated, remote attacker to impact confidentiality and availability. (CVE-2017-10243) last seen 2020-06-01 modified 2020-06-02 plugin id 101844 published 2017-07-20 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/101844 title Oracle Java SE Multiple Vulnerabilities (July 2017 CPU) (Unix)
References
- http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
- http://www.securityfocus.com/bid/99835
- http://www.securityfocus.com/bid/99835
- http://www.securitytracker.com/id/1038931
- http://www.securitytracker.com/id/1038931
- https://security.gentoo.org/glsa/201709-22
- https://security.gentoo.org/glsa/201709-22
- https://security.netapp.com/advisory/ntap-20170720-0001/
- https://security.netapp.com/advisory/ntap-20170720-0001/