Vulnerability Name:

CVE-2017-3262 (CCN-120858)

Assigned:2016-12-06
Published:2017-01-17
Updated:2019-10-03
Summary:Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Java Mission Control). The supported version that is affected is Java SE: 8u112. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data.
Note: Applies to Java Mission Control Installation. CVSS v3.0 Base Score 5.3 (Confidentiality impacts).
CVSS v3 Severity:5.3 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
4.6 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): None
Availability (A): None
5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
4.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): None
Availability (A): None
5.3 Medium (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
4.6 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): None
Availability (A): None
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
Vulnerability Type:CWE-noinfo
Vulnerability Consequences:Obtain Information
References:Source: MITRE
Type: CNA
CVE-2017-3262

Source: CCN
Type: RHSA-2017-0175
Critical: java-1.8.0-oracle security update

Source: REDHAT
Type: UNKNOWN
RHSA-2017:0175

Source: CCN
Type: Oracle CPUJan2017
Oracle Critical Patch Update Advisory - January 2017

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html

Source: BID
Type: Third Party Advisory, VDB Entry
95578

Source: CCN
Type: BID-95578
Oracle Java SE CVE-2017-3262 Remote Security Vulnerability

Source: SECTRACK
Type: UNKNOWN
1037637

Source: XF
Type: UNKNOWN
oracle-cpujan2017-cve20173262(120858)

Source: GENTOO
Type: UNKNOWN
GLSA-201701-65

Source: CONFIRM
Type: UNKNOWN
https://security.netapp.com/advisory/ntap-20170119-0001/

Vulnerable Configuration:

Configuration 1:
  • cpe:/a:oracle:jdk:1.8:update_112:*:*:*:*:*:*
  • OR cpe:/a:oracle:jre:1.8:update_112:*:*:*:*:*:*

Configuration RedHat 1:
  • cpe:/a:redhat:rhel_extras_oracle_java:6:*:*:*:*:*:*:*

Configuration RedHat 2:
  • cpe:/a:redhat:rhel_extras_oracle_java:7:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:oracle:java_se:8:u112:*:*:*:*:*:*
  • AND
  • cpe:/o:redhat:enterprise_linux_desktop:7:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_server:7:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_workstation:7:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_desktop:6:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_hpc_node:6:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_server:6:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_workstation:6:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions:

| Definition ID | Class | Title | Last Modified |
| oval:com.redhat.rhsa:def:20170175 | P | RHSA-2017:0175: java-1.8.0-oracle security update (Critical) | 2017-12-14 |
| oval:org.cisecurity:def:1771 | V | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Java Mission Control) - CVE-2017-3262 | 2017-02-24 |
| oval:com.ubuntu.xenial:def:20173262000 | V | CVE-2017-3262 on Ubuntu 16.04 LTS (xenial) - medium. | 2017-01-27 |
| oval:com.ubuntu.xenial:def:201732620000000 | V | CVE-2017-3262 on Ubuntu 16.04 LTS (xenial) - medium. | 2017-01-27 |

    oracle jdk 1.8 update_112
    oracle jre 1.8 update_112
    oracle java se 8 u112
    redhat enterprise linux desktop 7
    redhat enterprise linux hpc node 7.0
    redhat enterprise linux server 7
    redhat enterprise linux workstation 7
    redhat enterprise linux desktop 6
    redhat enterprise linux hpc node 6
    redhat enterprise linux server 6
    redhat enterprise linux workstation 6