vulnerability
Oracle Linux: CVE-2017-10355: ELSA-2017-2998: java-1.8.0-openjdk security update (CRITICAL) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:N/I:N/A:P) | Oct 17, 2017 | Oct 20, 2017 | Dec 3, 2025 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published
Oct 17, 2017
Added
Oct 20, 2017
Modified
Dec 3, 2025
Description
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
It was found that the FtpClient implementation in the Networking component of OpenJDK did not set connect and read timeouts by default. A malicious FTP server or a man-in-the-middle attacker could use this flaw to block execution of a Java application connecting to an FTP server.
It was found that the FtpClient implementation in the Networking component of OpenJDK did not set connect and read timeouts by default. A malicious FTP server or a man-in-the-middle attacker could use this flaw to block execution of a Java application connecting to an FTP server.
Solutions
oracle-linux-upgrade-java-1-7-0-openjdkoracle-linux-upgrade-java-1-7-0-openjdk-accessibilityoracle-linux-upgrade-java-1-7-0-openjdk-demooracle-linux-upgrade-java-1-7-0-openjdk-develoracle-linux-upgrade-java-1-7-0-openjdk-headlessoracle-linux-upgrade-java-1-7-0-openjdk-javadocoracle-linux-upgrade-java-1-7-0-openjdk-srcoracle-linux-upgrade-java-1-8-0-openjdkoracle-linux-upgrade-java-1-8-0-openjdk-accessibilityoracle-linux-upgrade-java-1-8-0-openjdk-accessibility-debugoracle-linux-upgrade-java-1-8-0-openjdk-debugoracle-linux-upgrade-java-1-8-0-openjdk-demooracle-linux-upgrade-java-1-8-0-openjdk-demo-debugoracle-linux-upgrade-java-1-8-0-openjdk-develoracle-linux-upgrade-java-1-8-0-openjdk-devel-debugoracle-linux-upgrade-java-1-8-0-openjdk-headlessoracle-linux-upgrade-java-1-8-0-openjdk-headless-debugoracle-linux-upgrade-java-1-8-0-openjdk-javadocoracle-linux-upgrade-java-1-8-0-openjdk-javadoc-debugoracle-linux-upgrade-java-1-8-0-openjdk-javadoc-ziporacle-linux-upgrade-java-1-8-0-openjdk-javadoc-zip-debugoracle-linux-upgrade-java-1-8-0-openjdk-srcoracle-linux-upgrade-java-1-8-0-openjdk-src-debug
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.