Low severity3.7NVD Advisory· Published Apr 24, 2017· Updated May 13, 2026

CVE-2017-3544

Description

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SMTP to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).

Affected products

Oracle Corporation/Jdk3 versions
cpe:2.3:a:oracle:jdk:1.6.0:update141:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:oracle:jdk:1.6.0:update141:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.7.0:update131:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.8.0:update121:*:*:*:*:*:*
Oracle Corporation/Jre3 versions
cpe:2.3:a:oracle:jre:1.6.0:update141:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:oracle:jre:1.6.0:update141:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update_131:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.8.0:update_121:*:*:*:*:*:*
Oracle Corporation/Jrockit
cpe:2.3:a:oracle:jrockit:r28.3.13:*:*:*:*:*:*:*
Red Hat/Icedtea
cpe:2.3:a:redhat:icedtea:*:*:*:*:*:*:*:*
Range: <3.4.0
Red Hat/Satellite
cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*
Debian/Debian Linux
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Google/Android8 versions
cpe:2.3:o:google:android:4.4.4:*:*:*:*:*:*:*+ 7 more
- cpe:2.3:o:google:android:4.4.4:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:5.0.2:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Desktop2 versions
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Server2 versions
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Server Aus3 versions
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Server Eus4 versions
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Server Tus2 versions
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Workstation2 versions
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
Oracle Corporation/Javav5
Range: Java SE: 6u141

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.htmlnvdPatchVendor Advisory
source.android.com/security/bulletin/2017-07-01nvdPatchThird Party Advisory
www.debian.org/security/2017/dsa-3858nvdThird Party Advisory
www.securityfocus.com/bid/97745nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1038286nvdThird Party AdvisoryVDB Entry
access.redhat.com/errata/RHSA-2017:1108nvdThird Party Advisory
access.redhat.com/errata/RHSA-2017:1109nvdThird Party Advisory
access.redhat.com/errata/RHSA-2017:1117nvdThird Party Advisory
access.redhat.com/errata/RHSA-2017:1118nvdThird Party Advisory
access.redhat.com/errata/RHSA-2017:1119nvdThird Party Advisory
access.redhat.com/errata/RHSA-2017:1204nvdThird Party Advisory
access.redhat.com/errata/RHSA-2017:1220nvdThird Party Advisory
access.redhat.com/errata/RHSA-2017:1221nvdThird Party Advisory
access.redhat.com/errata/RHSA-2017:1222nvdThird Party Advisory
access.redhat.com/errata/RHSA-2017:3453nvdThird Party Advisory
security.gentoo.org/glsa/201705-03nvdThird Party Advisory
security.gentoo.org/glsa/201707-01nvdThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.240
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000