DIESER SERVICE KANN ÜBERSETZUNGEN VON GOOGLE ENTHALTEN. GOOGLE ÜBERNIMMT KEINERLEI VERANTWORTUNG FÜR DIE ÜBERSETZUNGEN. DARUNTER FÄLLT JEGLICHE VERANTWORTUNG IN BEZUG AUF RICHTIGKEIT UND ZUVERLÄSSIGKEIT SOWIE JEGLICHE STILLSCHWEIGENDEN GEWÄHRLEISTUNGEN DER MARKTGÄNGIGKEIT, NICHT-VERLETZUNG VON RECHTEN DRITTER ODER DER EIGNUNG FÜR EINEN BESTIMMTEN ZWECK. Die Website von Kaspersky Lab wurde für Ihre Bequemlichkeit mithilfe einer Übersetzungssoftware von Google Translate übersetzt. Es wurden angemessene Bemühungen für die Bereitstellung einer akkuraten Übersetzung unternommen. Bitte beachten Sie, dass automatisierte Übersetzungen nicht perfekt sind und menschliche Übersetzer in keinem Fall ersetzen sollen. Übersetzungen werden den Nutzern der Kaspersky-Lab-Website als Service und "wie sie sind" zur Verfügung gestellt. Die Richtigkeit, Zuverlässigkeit oder Korrektheit jeglicher Übersetzungen aus dem Englischen in eine andere Sprache wird weder ausdrücklich noch stillschweigend garantiert. Einige Inhalte (z. B. Bilder, Videos, Flash, usw.) können aufgrund der Einschränkungen der Übersetzungssoftware möglicherweise nicht inhaltsgetreu übersetzt werden.
Lösungen für:
Privatanwender
Unternehmen
Unternehmen
Unternehmen
Schwachstellen Bedrohungen
Home Schwachstellen

Multiple vulnerabilities in Oracle Java SE

Kaspersky ID:
KLA11076
Erkennungsdatum:
07/19/2017
Aktualisiert:
03/29/2019

Beschreibung

Multiple serious vulnerabilities have been found in Oracle Java SE. Malicious users can exploit these vulnerabilities to gain privileges, read and write accessible data and cause a denial of service.

Below is a complete list of vulnerabilities:

  1. An unspecified vulnerability in the 2D subcomponent of Java SE, Java SE Embedded and JRockit can be exploited remotely via sandboxed Java Web Start applications, sandboxed Java applets or by supplying data to APIs in the specified Component through a web service to cause a denial of service;
  2. An unspecified vulnerability in the Security subcomponent of Java SE can be exploited remotely by convincing a user to run untrusted code to gain privileges;
  3. An unspecified vulnerability in the Hotspot subcomponent of Java SE and Java SE Embedded can be exploited remotely by convincing a user to run untrusted code to gain privileges;
  4. An unspecified vulnerability in the Scripting subcomponent of Java SE can be exploited remotely via sandboxed Java Web Start applications, sandboxed Java applets or by supplying data to APIs in the specified Component through a web service to get read/write access to all Java SE accessible data;
  5. An unspecified vulnerability in the Hotspot subcomponent of Java SE and Java SE Embedded can be exploited remotely by convincing a user to run untrusted code to get write access to some of Java SE, Java SE Embedded accessible data;
  6. Multiple unspecified vulnerabilities in the JavaFX subcomponent of Java SE can be exploited remotely by convincing a user to run untrusted code to gain privileges;
  7. Multiple unspecified vulnerabilities in the Libraries subcomponent of Java SE and Java SE Embedded can be exploited remotely by convincing a user to run untrusted code to gain privileges;
  8. An unspecified vulnerability in the ImageIO subcomponent of Java SE can be exploited remotely by convincing a user to run untrusted code to gain privileges;
  9. Multiple unspecified vulnerabilities in the JAXP subcomponent of Java SE and Java SE Embedded can be exploited remotely by convincing a user to run untrusted code to gain privileges;
  10. An unspecified vulnerability in the RMI subcomponent of Java SE and Java SE Embedded can be exploited remotely supplying data to APIs in the specified Component through a web service to gain privileges;
  11. Multiple unspecified vulnerabilities in the Server subcomponent of Java Advanced Management Console can be exploited remotely via unknown vectors to get read/write access to some of Java Advanced Management Console accessible data and cause a denial of service;
  12. An unspecified vulnerability in the Deployment subcomponent of Java SE can be exploited remotely by convincing a user to run untrusted code to get write access to some of Java SE accessible data;
  13. An unspecified vulnerability in the RMI subcomponent of Java SE and Java SE Embedded can be exploited remotely by convincing a user to run untrusted code to gain privileges;
  14. An unspecified vulnerability in the Serialization subcomponent of Java SE, Java SE Embedded and JRockit can be exploited remotely via sandboxed Java Web Start applications, sandboxed Java applets or by supplying data to APIs in the specified Component through a web service to cause a denial of service;
  15. An unspecified vulnerability in the Serialization subcomponent of Java SE, Java SE Embedded and JRockit can be exploited remotely by convincing a user to run untrusted code to cause a denial of service;
  16. An unspecified vulnerability in the AWT subcomponent of Java SE can be exploited remotely by convincing a user to run untrusted code to gain privileges;
  17. Multiple unspecified vulnerabilities in the JCE subcomponent of Java SE, Java SE Embedded, JRockit can be exploited remotely via sandboxed Java Web Start applications, sandboxed Java applets or by supplying data to APIs in the specified Component through a web service to get read access to all Java SE, Java SE Embedded, JRockit accessible data;
  18. An unspecified vulnerability in the Security subcomponent of Java SE, Java SE Embedded, JRockit can be exploited remotely via sandboxed Java Web Start applications, sandboxed Java applets or by supplying data to APIs in the specified Component through a web service to gain privileges;
  19. An unspecified vulnerability in the Server subcomponent of Java Advanced Management Console can be exploited remotely via unknown vectors to get read access to some of Java Advanced Management Console accessible data;
  20. An unspecified vulnerability in the Deployment subcomponent of Java SE can be exploited locally via unknown vectors to gain privileges;
  21. Multiple unspecified vulnerabilities in the Security subcomponent of Java SE, Java SE Embedded, JRockit can be exploited remotely via sandboxed Java Web Start applications, sandboxed Java applets or by supplying data to APIs in the specified Component through a web service to get read access to all Java SE, Java SE Embedded, JRockit accessible data;
  22. An unspecified vulnerability in the Security subcomponent of Java SE and Java SE Embedded can be exploited remotely by convincing a user to run untrusted code to get read access to some of Java SE and Java SE Embedded accessible data;
  23. An unspecified vulnerability in the JAX-WS subcomponent of Java SE, Java SE Embedded, JRockit can be exploited remotely via sandboxed Java Web Start applications, sandboxed Java applets or by supplying data to APIs in the specified Component through a web service to get read access to some of Java SE and Java SE Embedded accessible data and cause a denial of service;

Technical details

Vulnerability (20) applies to deployment of Java where the Java Auto Update is enabled.

NB: Not every vulnerability already have CVSS rating so cumulative CVSS rating can be not representative.

Ursprüngliche Informationshinweise

CVE Liste

  • CVE-2017-10053
    high
  • CVE-2017-10067
    high
  • CVE-2017-10074
    high
  • CVE-2017-10078
    high
  • CVE-2017-10081
    high
  • CVE-2017-10086
    high
  • CVE-2017-10087
    high
  • CVE-2017-10089
    high
  • CVE-2017-10090
    high
  • CVE-2017-10096
    high
  • CVE-2017-10102
    high
  • CVE-2017-10104
    high
  • CVE-2017-10105
    high
  • CVE-2017-10107
    high
  • CVE-2017-10108
    high
  • CVE-2017-10109
    high
  • CVE-2017-10110
    high
  • CVE-2017-10111
    high
  • CVE-2017-10114
    high
  • CVE-2017-10115
    high
  • CVE-2017-10116
    high
  • CVE-2017-10117
    high
  • CVE-2017-10118
    high
  • CVE-2017-10121
    high
  • CVE-2017-10125
    high
  • CVE-2017-10145
    high
  • CVE-2017-10176
    high
  • CVE-2017-10193
    high
  • CVE-2017-10198
    high
  • CVE-2017-10243
    high

Mehr erfahren

Informieren Sie sich über die Statistiken der in Ihrer Region verbreiteten Sicherheitslücken statistics.securelist.com

Sie haben einen Fehler in der Beschreibung der Schwachstelle gefunden? Mitteilen!
Kaspersky Next
Let´s go Next: Cybersicherheit neu gedacht
Erfahren Sie mehr
Neu: Kaspersky!
Dein digitales Leben verdient umfassenden Schutz!
Erfahren Sie mehr
Related articles
19 November 2024
Securelist
Scammer Black Friday offers: Online shopping threats and dark web sales
14 November 2024
Securelist
Сrimeware and financial cyberthreats in 2025
13 November 2024
Securelist
Threats in space (or rather, on Earth): internet-exposed GNSS receivers
11 November 2024
Securelist
Ymir: new stealthy ransomware in the wild
08 November 2024
Securelist
QSC: A multi-plugin framework used by CloudComputating group in cyberespionage campaigns
06 November 2024
Securelist
New SteelFox Trojan mimics software activators, stealing sensitive data and mining cryptocurrency
Sie haben einen Fehler in der Beschreibung der Schwachstelle gefunden?
Falls Sie eine neue Bedrohung oder Schwachstelle gefunden haben, können Sie uns dies gerne per Mail mitteilen.
newvirus@kaspersky.com
Sie haben eine neue Bedrohung oder Schwachstelle gefunden?
Falls Sie eine neue Bedrohung oder Schwachstelle gefunden haben, können Sie uns dies gerne per Mail mitteilen.
newvirus@kaspersky.com
Lösungen für
Privatanwender
Unternehmen
Unternehmen
Unternehmen
Select language
Sorting
Kaspersky ID
Schwachstellen
Detect date
Schweregrad
Confirm changes?
Your message has been sent successfully.