Kaspersky ID: KLA11076
Detect Date: 07/19/2017
Updated: 01/22/2024

Description

Multiple serious vulnerabilities have been found in Oracle Java SE. Malicious users can exploit these vulnerabilities to gain privileges, read and write accessible data and cause a denial of service.

Below is a complete list of vulnerabilities:

  1. An unspecified vulnerability in the 2D subcomponent of Java SE, Java SE Embedded and JRockit can be exploited remotely via sandboxed Java Web Start applications, sandboxed Java applets or by supplying data to APIs in the specified Component through a web service to cause a denial of service;
  2. An unspecified vulnerability in the Security subcomponent of Java SE can be exploited remotely by convincing a user to run untrusted code to gain privileges;
  3. An unspecified vulnerability in the Hotspot subcomponent of Java SE and Java SE Embedded can be exploited remotely by convincing a user to run untrusted code to gain privileges;
  4. An unspecified vulnerability in the Scripting subcomponent of Java SE can be exploited remotely via sandboxed Java Web Start applications, sandboxed Java applets or by supplying data to APIs in the specified Component through a web service to get read/write access to all Java SE accessible data;
  5. An unspecified vulnerability in the Hotspot subcomponent of Java SE and Java SE Embedded can be exploited remotely by convincing a user to run untrusted code to get write access to some of Java SE, Java SE Embedded accessible data;
  6. Multiple unspecified vulnerabilities in the JavaFX subcomponent of Java SE can be exploited remotely by convincing a user to run untrusted code to gain privileges;
  7. Multiple unspecified vulnerabilities in the Libraries subcomponent of Java SE and Java SE Embedded can be exploited remotely by convincing a user to run untrusted code to gain privileges;
  8. An unspecified vulnerability in the ImageIO subcomponent of Java SE can be exploited remotely by convincing a user to run untrusted code to gain privileges;
  9. Multiple unspecified vulnerabilities in the JAXP subcomponent of Java SE and Java SE Embedded can be exploited remotely by convincing a user to run untrusted code to gain privileges;
  10. An unspecified vulnerability in the RMI subcomponent of Java SE and Java SE Embedded can be exploited remotely by supplying data to APIs in the specified Component through a web service to gain privileges;
  11. Multiple unspecified vulnerabilities in the Server subcomponent of Java Advanced Management Console can be exploited remotely via unknown vectors to get read/write access to some of Java Advanced Management Console accessible data and cause a denial of service;
  12. An unspecified vulnerability in the Deployment subcomponent of Java SE can be exploited remotely by convincing a user to run untrusted code to get write access to some of Java SE accessible data;
  13. An unspecified vulnerability in the RMI subcomponent of Java SE and Java SE Embedded can be exploited remotely by convincing a user to run untrusted code to gain privileges;
  14. An unspecified vulnerability in the Serialization subcomponent of Java SE, Java SE Embedded and JRockit can be exploited remotely via sandboxed Java Web Start applications, sandboxed Java applets or by supplying data to APIs in the specified Component through a web service to cause a denial of service;
  15. An unspecified vulnerability in the Serialization subcomponent of Java SE, Java SE Embedded and JRockit can be exploited remotely by convincing a user to run untrusted code to cause a denial of service;
  16. An unspecified vulnerability in the AWT subcomponent of Java SE can be exploited remotely by convincing a user to run untrusted code to gain privileges;
  17. Multiple unspecified vulnerabilities in the JCE subcomponent of Java SE, Java SE Embedded and JRockit can be exploited remotely via sandboxed Java Web Start applications, sandboxed Java applets or by supplying data to APIs in the specified Component through a web service to get read access to all Java SE, Java SE Embedded and JRockit accessible data;
  18. An unspecified vulnerability in the Security subcomponent of Java SE, Java SE Embedded and JRockit can be exploited remotely via sandboxed Java Web Start applications, sandboxed Java applets or by supplying data to APIs in the specified Component through a web service to gain privileges;
  19. An unspecified vulnerability in the Server subcomponent of Java Advanced Management Console can be exploited remotely via unknown vectors to get read access to some of Java Advanced Management Console accessible data;
  20. An unspecified vulnerability in the Deployment subcomponent of Java SE can be exploited locally via unknown vectors to gain privileges;
  21. Multiple unspecified vulnerabilities in the Security subcomponent of Java SE, Java SE Embedded and JRockit can be exploited remotely via sandboxed Java Web Start applications, sandboxed Java applets or by supplying data to APIs in the specified Component through a web service to get read access to all Java SE, Java SE Embedded and JRockit accessible data;
  22. An unspecified vulnerability in the Security subcomponent of Java SE and Java SE Embedded can be exploited remotely by convincing a user to run untrusted code to get read access to some of Java SE and Java SE Embedded accessible data;
  23. An unspecified vulnerability in the JAX-WS subcomponent of Java SE, Java SE Embedded and JRockit can be exploited remotely via sandboxed Java Web Start applications, sandboxed Java applets or by supplying data to APIs in the specified Component through a web service to get read access to some of Java SE and Java SE Embedded accessible data and cause a denial of service.

Technical details

Vulnerability (20) applies to deployments of Java where Java Auto Update is enabled.

NB: Not every vulnerability has a CVSS rating yet, so the cumulative CVSS rating may not be representative.

CVE list

  • CVE-2017-10053: warning
  • CVE-2017-10067: high
  • CVE-2017-10074: high
  • CVE-2017-10078: high
  • CVE-2017-10081: warning
  • CVE-2017-10086: high
  • CVE-2017-10087: high
  • CVE-2017-10089: high
  • CVE-2017-10090: high
  • CVE-2017-10096: high
  • CVE-2017-10102: high
  • CVE-2017-10104: high
  • CVE-2017-10105: warning
  • CVE-2017-10107: high
  • CVE-2017-10108: warning
  • CVE-2017-10109: warning
  • CVE-2017-10110: high
  • CVE-2017-10111: high
  • CVE-2017-10114: high
  • CVE-2017-10115: warning
  • CVE-2017-10116: high
  • CVE-2017-10117: warning
  • CVE-2017-10118: warning
  • CVE-2017-10121: high
  • CVE-2017-10125: warning
  • CVE-2017-10145: high
  • CVE-2017-10176: warning
  • CVE-2017-10193: warning
  • CVE-2017-10198: warning
  • CVE-2017-10243: high
