{"containers": {"cna": {"affected": [{"product": "Java JavaSE:6u131;7u121;8u112;JavaSEEmbedded:8u111;JRockit:R28.3.12", "vendor": "n/a", "versions": [{"status": "affected", "version": "Java JavaSE:6u131;7u121;8u112;JavaSEEmbedded:8u111;JRockit:R28.3.12"}]}], "datePublic": "2017-01-17T00:00:00", "descriptions": [{"lang": "en", "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAAS). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS v3.0 Base Score 5.8 (Integrity impacts)."}], "problemTypes": [{"descriptions": [{"description": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:N", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-01-04T19:57:01", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle"}, "references": [{"name": "RHSA-2017:0338", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0338.html"}, {"name": "DSA-3782", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2017/dsa-3782"}, {"name": "RHSA-2017:0176", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0176.html"}, {"name": "GLSA-201701-65", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201701-65"}, {"name": "RHSA-2017:0180", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0180.html"}, {"name": "1037637", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1037637"}, {"name": "GLSA-201707-01", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201707-01"}, {"name": "RHSA-2017:0175", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0175.html"}, {"name": "95509", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/95509"}, {"name": "RHSA-2017:0177", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0177.html"}, {"name": "RHSA-2017:0263", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0263.html"}, {"name": "RHSA-2017:1216", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:1216"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20170119-0001/"}, {"name": "RHSA-2017:0269", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0269.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"}, {"name": "RHSA-2017:0337", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0337.html"}, {"name": "RHSA-2017:0336", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0336.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2017-3252", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Java JavaSE:6u131;7u121;8u112;JavaSEEmbedded:8u111;JRockit:R28.3.12", "version": {"version_data": [{"version_value": "Java JavaSE:6u131;7u121;8u112;JavaSEEmbedded:8u111;JRockit:R28.3.12"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAAS). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS v3.0 Base Score 5.8 (Integrity impacts)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:N"}]}]}, "references": {"reference_data": [{"name": "RHSA-2017:0338", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0338.html"}, {"name": "DSA-3782", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3782"}, {"name": "RHSA-2017:0176", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0176.html"}, {"name": "GLSA-201701-65", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201701-65"}, {"name": "RHSA-2017:0180", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0180.html"}, {"name": "1037637", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037637"}, {"name": "GLSA-201707-01", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201707-01"}, {"name": "RHSA-2017:0175", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0175.html"}, {"name": "95509", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95509"}, {"name": "RHSA-2017:0177", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0177.html"}, {"name": "RHSA-2017:0263", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0263.html"}, {"name": "RHSA-2017:1216", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1216"}, {"name": "https://security.netapp.com/advisory/ntap-20170119-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20170119-0001/"}, {"name": "RHSA-2017:0269", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0269.html"}, {"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"}, {"name": "RHSA-2017:0337", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0337.html"}, {"name": "RHSA-2017:0336", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0336.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T14:23:32.862Z"}, "title": "CVE Program Container", "references": [{"name": "RHSA-2017:0338", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0338.html"}, {"name": "DSA-3782", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2017/dsa-3782"}, {"name": "RHSA-2017:0176", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0176.html"}, {"name": "GLSA-201701-65", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201701-65"}, {"name": "RHSA-2017:0180", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0180.html"}, {"name": "1037637", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1037637"}, {"name": "GLSA-201707-01", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201707-01"}, {"name": "RHSA-2017:0175", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0175.html"}, {"name": "95509", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/95509"}, {"name": "RHSA-2017:0177", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0177.html"}, {"name": "RHSA-2017:0263", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0263.html"}, {"name": "RHSA-2017:1216", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:1216"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20170119-0001/"}, {"name": "RHSA-2017:0269", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0269.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"}, {"name": "RHSA-2017:0337", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0337.html"}, {"name": "RHSA-2017:0336", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0336.html"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-09T19:30:16.034312Z", "id": "CVE-2017-3252", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-09T19:44:36.531Z"}}]}, "cveMetadata": {"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2017-3252", "datePublished": "2017-01-27T22:01:00", "dateReserved": "2016-12-06T00:00:00", "dateUpdated": "2024-10-09T19:44:36.531Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://rhn.redhat.com/errata/RHSA-2017-0338.html", "name": "RHSA-2017:0338", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "http://www.debian.org/security/2017/dsa-3782", "name": "DSA-3782", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"]}, {"url": "http://rhn.redhat.com/errata/RHSA-2017-0176.html", "name": "RHSA-2017:0176", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://security.gentoo.org/glsa/201701-65", "name": "GLSA-201701-65", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"]}, {"url": "http://rhn.redhat.com/errata/RHSA-2017-0180.html", "name": "RHSA-2017:0180", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "http://www.securitytracker.com/id/1037637", "name": "1037637", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"]}, {"url": "https://security.gentoo.org/glsa/201707-01", "name": "GLSA-201707-01", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"]}, {"url": "http://rhn.redhat.com/errata/RHSA-2017-0175.html", "name": "RHSA-2017:0175", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "http://www.securityfocus.com/bid/95509", "name": "95509", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"]}, {"url": "http://rhn.redhat.com/errata/RHSA-2017-0177.html", "name": "RHSA-2017:0177", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "http://rhn.redhat.com/errata/RHSA-2017-0263.html", "name": "RHSA-2017:0263", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2017:1216", "name": "RHSA-2017:1216", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20170119-0001/", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "http://rhn.redhat.com/errata/RHSA-2017-0269.html", "name": "RHSA-2017:0269", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "http://rhn.redhat.com/errata/RHSA-2017-0337.html", "name": "RHSA-2017:0337", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "http://rhn.redhat.com/errata/RHSA-2017-0336.html", "name": "RHSA-2017:0336", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T14:23:32.862Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2017-3252", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-09T19:30:16.034312Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-09T19:30:47.743Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "Java JavaSE:6u131;7u121;8u112;JavaSEEmbedded:8u111;JRockit:R28.3.12", "versions": [{"status": "affected", "version": "Java JavaSE:6u131;7u121;8u112;JavaSEEmbedded:8u111;JRockit:R28.3.12"}]}], "datePublic": "2017-01-17T00:00:00", "references": [{"url": "http://rhn.redhat.com/errata/RHSA-2017-0338.html", "name": "RHSA-2017:0338", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "http://www.debian.org/security/2017/dsa-3782", "name": "DSA-3782", "tags": ["vendor-advisory", "x_refsource_DEBIAN"]}, {"url": "http://rhn.redhat.com/errata/RHSA-2017-0176.html", "name": "RHSA-2017:0176", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://security.gentoo.org/glsa/201701-65", "name": "GLSA-201701-65", "tags": ["vendor-advisory", "x_refsource_GENTOO"]}, {"url": "http://rhn.redhat.com/errata/RHSA-2017-0180.html", "name": "RHSA-2017:0180", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "http://www.securitytracker.com/id/1037637", "name": "1037637", "tags": ["vdb-entry", "x_refsource_SECTRACK"]}, {"url": "https://security.gentoo.org/glsa/201707-01", "name": "GLSA-201707-01", "tags": ["vendor-advisory", "x_refsource_GENTOO"]}, {"url": "http://rhn.redhat.com/errata/RHSA-2017-0175.html", "name": "RHSA-2017:0175", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "http://www.securityfocus.com/bid/95509", "name": "95509", "tags": ["vdb-entry", "x_refsource_BID"]}, {"url": "http://rhn.redhat.com/errata/RHSA-2017-0177.html", "name": "RHSA-2017:0177", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "http://rhn.redhat.com/errata/RHSA-2017-0263.html", "name": "RHSA-2017:0263", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2017:1216", "name": "RHSA-2017:1216", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://security.netapp.com/advisory/ntap-20170119-0001/", "tags": ["x_refsource_CONFIRM"]}, {"url": "http://rhn.redhat.com/errata/RHSA-2017-0269.html", "name": "RHSA-2017:0269", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", "tags": ["x_refsource_CONFIRM"]}, {"url": "http://rhn.redhat.com/errata/RHSA-2017-0337.html", "name": "RHSA-2017:0337", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "http://rhn.redhat.com/errata/RHSA-2017-0336.html", "name": "RHSA-2017:0336", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}], "descriptions": [{"lang": "en", "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAAS). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS v3.0 Base Score 5.8 (Integrity impacts)."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:N"}]}], "providerMetadata": {"orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle", "dateUpdated": "2018-01-04T19:57:01"}, "x_legacyV4Record": {"affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "Java JavaSE:6u131;7u121;8u112;JavaSEEmbedded:8u111;JRockit:R28.3.12"}]}, "product_name": "Java JavaSE:6u131;7u121;8u112;JavaSEEmbedded:8u111;JRockit:R28.3.12"}]}, "vendor_name": "n/a"}]}}, "data_type": "CVE", "references": {"reference_data": [{"url": "http://rhn.redhat.com/errata/RHSA-2017-0338.html", "name": "RHSA-2017:0338", "refsource": "REDHAT"}, {"url": "http://www.debian.org/security/2017/dsa-3782", "name": "DSA-3782", "refsource": "DEBIAN"}, {"url": "http://rhn.redhat.com/errata/RHSA-2017-0176.html", "name": "RHSA-2017:0176", "refsource": "REDHAT"}, {"url": "https://security.gentoo.org/glsa/201701-65", "name": "GLSA-201701-65", "refsource": "GENTOO"}, {"url": "http://rhn.redhat.com/errata/RHSA-2017-0180.html", "name": "RHSA-2017:0180", "refsource": "REDHAT"}, {"url": "http://www.securitytracker.com/id/1037637", "name": "1037637", "refsource": "SECTRACK"}, {"url": "https://security.gentoo.org/glsa/201707-01", "name": "GLSA-201707-01", "refsource": "GENTOO"}, {"url": "http://rhn.redhat.com/errata/RHSA-2017-0175.html", "name": "RHSA-2017:0175", "refsource": "REDHAT"}, {"url": "http://www.securityfocus.com/bid/95509", "name": "95509", "refsource": "BID"}, {"url": "http://rhn.redhat.com/errata/RHSA-2017-0177.html", "name": "RHSA-2017:0177", "refsource": "REDHAT"}, {"url": "http://rhn.redhat.com/errata/RHSA-2017-0263.html", "name": "RHSA-2017:0263", "refsource": "REDHAT"}, {"url": "https://access.redhat.com/errata/RHSA-2017:1216", "name": "RHSA-2017:1216", "refsource": "REDHAT"}, {"url": "https://security.netapp.com/advisory/ntap-20170119-0001/", "name": "https://security.netapp.com/advisory/ntap-20170119-0001/", "refsource": "CONFIRM"}, {"url": "http://rhn.redhat.com/errata/RHSA-2017-0269.html", "name": "RHSA-2017:0269", "refsource": "REDHAT"}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", "refsource": "CONFIRM"}, {"url": "http://rhn.redhat.com/errata/RHSA-2017-0337.html", "name": "RHSA-2017:0337", "refsource": "REDHAT"}, {"url": "http://rhn.redhat.com/errata/RHSA-2017-0336.html", "name": "RHSA-2017:0336", "refsource": "REDHAT"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAAS). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS v3.0 Base Score 5.8 (Integrity impacts)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:N"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2017-3252", "STATE": "PUBLIC", "ASSIGNER": "secalert_us@oracle.com"}}}}, "cveMetadata": {"cveId": "CVE-2017-3252", "state": "PUBLISHED", "dateUpdated": "2024-10-09T19:44:36.531Z", "dateReserved": "2016-12-06T00:00:00", "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "datePublished": "2017-01-27T22:01:00", "assignerShortName": "oracle"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:jdk:1.6:update_131:*:*:*:*:*:*", "matchCriteriaId": "B1384D79-F9DA-44C5-A3C9-3CCE627B2255", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jdk:1.7:update_121:*:*:*:*:*:*", "matchCriteriaId": "92EF1E3B-6EF8-499A-84EA-D7792B181CCB", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jdk:1.8:update_111:*:*:*:*:*:*", "matchCriteriaId": "73185AEF-8CB1-4728-9E99-D0D2A3419D40", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jdk:1.8:update_112:*:*:*:*:*:*", "matchCriteriaId": "BEB76EC4-557F-4C67-BE1E-79E837043B05", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jre:1.6:update_131:*:*:*:*:*:*", "matchCriteriaId": "C747C39A-145E-4648-99C2-0A8C7BA77F11", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jre:1.7:update_121:*:*:*:*:*:*", "matchCriteriaId": "706F9471-3647-4D13-B794-4F53700091F7", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jre:1.8:update_111:*:*:*:*:*:*", "matchCriteriaId": "1ED8B5A9-E738-430E-9FC6-206DFC98B965", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jre:1.8:update_112:*:*:*:*:*:*", "matchCriteriaId": "4AA3E574-DC5D-465B-95B8-CD1AF5433646", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jrockit:r28.3.12:*:*:*:*:*:*:*", "matchCriteriaId": "CE1A57E9-0134-466F-B8EE-9E38A844F865", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAAS). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS v3.0 Base Score 5.8 (Integrity impacts)."}, {"lang": "es", "value": "Vulnerabilidad en el componente Java SE, Java SE Embedded, JRockit de Oracle Java SE (Subcomponente:JAAS). Versiones compatibles que est\u00e1n afectadas son Java SE: 6u131, 7u121 y 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Vulnerabilidad dif\u00edcil de explotar permite a atacantes poco privilegiados con acceso a la red a trav\u00e9s de m\u00faltiples protocolos, comprometer Java SE, Java SE Embedded, JRockit. Ataques exitosos requieren interacci\u00f3n humana de una persona distinta del atacante y mientras la vulnerabilidad est\u00e9 en Java SE, Java SE Embedded, JRockit, los ataques podr\u00edan afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en creaci\u00f3n no autorizada, inserci\u00f3n o borrado de acceso a todos los datos accesibles de Java SE, Java SE Embedded, JRockit. Nota: Aplica a la implementaci\u00f3n de cliente y servidor de Java. Esta vulnerabilidad puede ser explotada a trav\u00e9s de aplicaciones Java Web Start y applets Java aislados. Tambi\u00e9n puede ser explotada suministrando datos de APIs en el componente especificado sin utilizar aplicaciones Java Web Start o applets Java aislados, como por ejemplo mediante un servicio web. CVSS v3.0 Base Score 5.8 (Impactos de integridad)."}], "id": "CVE-2017-3252", "lastModified": "2018-01-05T02:31:36.260", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 1.3, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-01-27T22:59:02.693", "references": [{"source": "secalert_us@oracle.com", "url": "http://rhn.redhat.com/errata/RHSA-2017-0175.html"}, {"source": "secalert_us@oracle.com", "url": "http://rhn.redhat.com/errata/RHSA-2017-0176.html"}, {"source": "secalert_us@oracle.com", "url": "http://rhn.redhat.com/errata/RHSA-2017-0177.html"}, {"source": "secalert_us@oracle.com", "url": "http://rhn.redhat.com/errata/RHSA-2017-0180.html"}, {"source": "secalert_us@oracle.com", "url": "http://rhn.redhat.com/errata/RHSA-2017-0263.html"}, {"source": "secalert_us@oracle.com", "url": "http://rhn.redhat.com/errata/RHSA-2017-0269.html"}, {"source": "secalert_us@oracle.com", "url": "http://rhn.redhat.com/errata/RHSA-2017-0336.html"}, {"source": "secalert_us@oracle.com", "url": "http://rhn.redhat.com/errata/RHSA-2017-0337.html"}, {"source": "secalert_us@oracle.com", "url": "http://rhn.redhat.com/errata/RHSA-2017-0338.html"}, {"source": "secalert_us@oracle.com", "url": "http://www.debian.org/security/2017/dsa-3782"}, {"source": "secalert_us@oracle.com", "tags": ["Not Applicable", "Vendor Advisory"], "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"}, {"source": "secalert_us@oracle.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/95509"}, {"source": "secalert_us@oracle.com", "url": "http://www.securitytracker.com/id/1037637"}, {"source": "secalert_us@oracle.com", "url": "https://access.redhat.com/errata/RHSA-2017:1216"}, {"source": "secalert_us@oracle.com", "url": "https://security.gentoo.org/glsa/201701-65"}, {"source": "secalert_us@oracle.com", "url": "https://security.gentoo.org/glsa/201707-01"}, {"source": "secalert_us@oracle.com", "url": "https://security.netapp.com/advisory/ntap-20170119-0001/"}], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2017:0176", "cpe": "cpe:/a:redhat:rhel_extras_oracle_java:5", "package": "java-1.7.0-oracle-1:1.7.0.131-1jpp.1.el5_11", "product_name": "Oracle Java for Red Hat Enterprise Linux 5", "release_date": "2017-01-19T00:00:00Z"}, {"advisory": "RHSA-2017:0177", "cpe": "cpe:/a:redhat:rhel_extras_oracle_java:5", "package": "java-1.6.0-sun-1:1.6.0.141-1jpp.1.el5_11", "product_name": "Oracle Java for Red Hat Enterprise Linux 5", "release_date": "2017-01-19T00:00:00Z"}, {"advisory": "RHSA-2017:0175", "cpe": "cpe:/a:redhat:rhel_extras_oracle_java:6", "package": "java-1.8.0-oracle-1:1.8.0.121-1jpp.1.el6_8", "product_name": "Oracle Java for Red Hat Enterprise Linux 6", "release_date": "2017-01-19T00:00:00Z"}, {"advisory": "RHSA-2017:0176", "cpe": "cpe:/a:redhat:rhel_extras_oracle_java:6", "package": "java-1.7.0-oracle-1:1.7.0.131-1jpp.1.el6_8", "product_name": "Oracle Java for Red Hat Enterprise Linux 6", "release_date": "2017-01-19T00:00:00Z"}, {"advisory": "RHSA-2017:0177", "cpe": "cpe:/a:redhat:rhel_extras_oracle_java:6", "package": "java-1.6.0-sun-1:1.6.0.141-1jpp.1.el6_8", "product_name": "Oracle Java for Red Hat Enterprise Linux 6", "release_date": "2017-01-19T00:00:00Z"}, {"advisory": "RHSA-2017:0175", "cpe": "cpe:/a:redhat:rhel_extras_oracle_java:7", "package": "java-1.8.0-oracle-1:1.8.0.121-1jpp.1.el7_3", "product_name": "Oracle Java for Red Hat Enterprise Linux 7", "release_date": "2017-01-19T00:00:00Z"}, {"advisory": "RHSA-2017:0176", "cpe": "cpe:/a:redhat:rhel_extras_oracle_java:7", "package": "java-1.7.0-oracle-1:1.7.0.131-1jpp.1.el7_3", "product_name": "Oracle Java for Red Hat Enterprise Linux 7", "release_date": "2017-01-19T00:00:00Z"}, {"advisory": "RHSA-2017:0177", "cpe": "cpe:/a:redhat:rhel_extras_oracle_java:7", "package": "java-1.6.0-sun-1:1.6.0.141-1jpp.1.el7_3", "product_name": "Oracle Java for Red Hat Enterprise Linux 7", "release_date": "2017-01-19T00:00:00Z"}, {"advisory": "RHSA-2017:0269", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "java-1.7.0-openjdk-1:1.7.0.131-2.6.9.0.el5_11", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2017-02-13T00:00:00Z"}, {"advisory": "RHSA-2017:0337", "cpe": "cpe:/a:redhat:rhel_extras:5", "package": "java-1.7.0-ibm-1:1.7.0.10.1-1jpp.1.el5_11", "product_name": "Red Hat Enterprise Linux 5 Supplementary", "release_date": "2017-02-28T00:00:00Z"}, {"advisory": "RHSA-2017:0338", "cpe": "cpe:/a:redhat:rhel_extras:5", "package": "java-1.6.0-ibm-1:1.6.0.16.41-1jpp.1.el5_11", "product_name": "Red Hat Enterprise Linux 5 Supplementary", "release_date": "2017-02-28T00:00:00Z"}, {"advisory": "RHSA-2017:0180", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "java-1.8.0-openjdk-1:1.8.0.121-0.b13.el6_8", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2017-01-20T00:00:00Z"}, {"advisory": "RHSA-2017:0269", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "java-1.7.0-openjdk-1:1.7.0.131-2.6.9.0.el6_8", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2017-02-13T00:00:00Z"}, {"advisory": "RHSA-2017:0263", "cpe": "cpe:/a:redhat:rhel_extras:6", "package": "java-1.8.0-ibm-1:1.8.0.4.0-1jpp.1.el6_8", "product_name": "Red Hat Enterprise Linux 6 Supplementary", "release_date": "2017-02-09T00:00:00Z"}, {"advisory": "RHSA-2017:0336", "cpe": "cpe:/a:redhat:rhel_extras:6", "package": "java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8", "product_name": "Red Hat Enterprise Linux 6 Supplementary", "release_date": "2017-02-28T00:00:00Z"}, {"advisory": "RHSA-2017:0338", "cpe": "cpe:/a:redhat:rhel_extras:6", "package": "java-1.6.0-ibm-1:1.6.0.16.41-1jpp.1.el6_8", "product_name": "Red Hat Enterprise Linux 6 Supplementary", "release_date": "2017-02-28T00:00:00Z"}, {"advisory": "RHSA-2017:0180", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "java-1.8.0-openjdk-1:1.8.0.121-0.b13.el7_3", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2017-01-20T00:00:00Z"}, {"advisory": "RHSA-2017:0269", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "java-1.7.0-openjdk-1:1.7.0.131-2.6.9.0.el7_3", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2017-02-13T00:00:00Z"}, {"advisory": "RHSA-2017:0263", "cpe": "cpe:/a:redhat:rhel_extras:7", "package": "java-1.8.0-ibm-1:1.8.0.4.0-1jpp.1.el7", "product_name": "Red Hat Enterprise Linux 7 Supplementary", "release_date": "2017-02-09T00:00:00Z"}, {"advisory": "RHSA-2017:0336", "cpe": "cpe:/a:redhat:rhel_extras:7", "package": "java-1.7.1-ibm-1:1.7.1.4.1-1jpp.2.el7", "product_name": "Red Hat Enterprise Linux 7 Supplementary", "release_date": "2017-02-28T00:00:00Z"}, {"advisory": "RHSA-2017:1216", "cpe": "cpe:/a:redhat:network_satellite:5.6::el6", "package": "java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8", "product_name": "Red Hat Satellite 5.6", "release_date": "2017-05-09T00:00:00Z"}, {"advisory": "RHSA-2017:1216", "cpe": "cpe:/a:redhat:network_satellite:5.7::el6", "package": "java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8", "product_name": "Red Hat Satellite 5.7", "release_date": "2017-05-09T00:00:00Z"}], "bugzilla": {"description": "OpenJDK: LdapLoginModule incorrect userDN extraction (JAAS, 8161743)", "id": "1413906", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413906"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", "status": "verified"}, "cwe": "CWE-20", "details": ["Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAAS). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS v3.0 Base Score 5.8 (Integrity impacts).", "It was discovered that the JAAS component of OpenJDK did not use the correct way to extract user DN from the result of the user search LDAP query. A specially crafted user LDAP entry could cause the application to use an incorrect DN."], "name": "CVE-2017-3252", "public_date": "2017-01-17T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2017-3252\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3252"], "threat_severity": "Moderate"}