VYPR
Get started
← All advisories
Medium severity5.3NVD Advisory· Published Oct 19, 2017· Updated May 13, 2026

CVE-2017-10349

CVE-2017-10349

Description

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

Affected products

55
  • Oracle Corporation/Javav5
    Range: Java SE: 6u161
  • Oracle Corporation/Jdk4 versions
    cpe:2.3:a:oracle:jdk:1.6.0:update161:*:*:*:*:*:*+ 3 more
    • cpe:2.3:a:oracle:jdk:1.6.0:update161:*:*:*:*:*:*
    • cpe:2.3:a:oracle:jdk:1.7.0:update151:*:*:*:*:*:*
    • cpe:2.3:a:oracle:jdk:1.8.0:update144:*:*:*:*:*:*
    • cpe:2.3:a:oracle:jdk:1.9.0:*:*:*:*:*:*:*
  • Oracle Corporation/Jre4 versions
    cpe:2.3:a:oracle:jre:1.6.0:update161:*:*:*:*:*:*+ 3 more
    • cpe:2.3:a:oracle:jre:1.6.0:update161:*:*:*:*:*:*
    • cpe:2.3:a:oracle:jre:1.7.0:update151:*:*:*:*:*:*
    • cpe:2.3:a:oracle:jre:1.8.0:update144:*:*:*:*:*:*
    • cpe:2.3:a:oracle:jre:1.9.0:*:*:*:*:*:*:*
  • Red Hat/Satellite
    cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*
  • Red Hat/Enterprise Linux Desktop2 versions
    cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
  • Red Hat/Enterprise Linux Eus4 versions
    cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*+ 3 more
    • cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*
  • Red Hat/Enterprise Linux Server2 versions
    cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
  • Red Hat/Enterprise Linux Server Aus3 versions
    cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*
  • Red Hat/Enterprise Linux Server Tus3 versions
    cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*
  • Red Hat/Enterprise Linux Workstation2 versions
    cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
  • NetApp/Active Iq Unified Manager2 versions
    cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*+ 1 more
    • cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*range: >=7.3
    • cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*range: >=9.5
  • NetApp/Cloud Backup
    cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
  • NetApp/E Series Santricity Management Plug Ins
    cpe:2.3:a:netapp:e-series_santricity_management_plug-ins:-:*:*:*:*:vmware_vcenter:*:*
  • NetApp/E Series Santricity Os Controller
    cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*
    Range: >=11.0,<=11.70.1
  • NetApp/E Series Santricity Storage Manager
    cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*
  • NetApp/E Series Santricity Web Services
    cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*
  • NetApp/Element Software
    cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*
  • NetApp/Oncommand Balance
    cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*
  • NetApp/Oncommand Insight
    cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
  • NetApp/Oncommand Performance Manager
    cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*
  • NetApp/Oncommand Shift
    cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*
  • NetApp/Oncommand Unified Manager3 versions
    cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*+ 2 more
    • cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*range: <=7.1
    • cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*range: <=7.1
    • cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*
  • NetApp/Oncommand Workflow Automation
    cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
  • NetApp/Plug In For Symantec Netbackup
    cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*
  • NetApp/Snapmanager2 versions
    cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*+ 1 more
    • cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*
    • cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*
  • NetApp/Steelstore Cloud Integrated Storage
    cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
  • NetApp/Storage Replication Adapter For Clustered Data Ontap2 versions
    cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:vmware_vsphere:*:*+ 1 more
    • cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:vmware_vsphere:*:*range: >=7.2
    • cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*range: >=7.2
  • NetApp/Vasa Provider For Clustered Data Ontap2 versions
    cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*range: >=7.2
    • cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0:*:*:*:*:*:*:*
  • NetApp/Virtual Storage Console2 versions
    cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*+ 1 more
    • cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*range: >=7.2
    • cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:*:vmware_vsphere:*:*
  • Debian/Debian Linux3 versions
    cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
    • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
    • cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

18

News mentions

0

No linked articles in our index yet.