Multiple vulnerabilities in Oracle Java SE

Описание

Multiple serious vulnerabilities have been found in Oracle Java SE. Malicious users can exploit these vulnerabilities to gain privileges, read and write accessible data and cause a denial of service.

Below is a complete list of vulnerabilities:

1. An unspecified vulnerability in the 2D subcomponent of Java SE, Java SE Embedded and JRockit can be exploited remotely via sandboxed Java Web Start applications, sandboxed Java applets or by supplying data to APIs in the specified Component through a web service to cause a denial of service;
2. An unspecified vulnerability in the Security subcomponent of Java SE can be exploited remotely by convincing a user to run untrusted code to gain privileges;
3. An unspecified vulnerability in the Hotspot subcomponent of Java SE and Java SE Embedded can be exploited remotely by convincing a user to run untrusted code to gain privileges;
4. An unspecified vulnerability in the Scripting subcomponent of Java SE can be exploited remotely via sandboxed Java Web Start applications, sandboxed Java applets or by supplying data to APIs in the specified Component through a web service to get read/write access to all Java SE accessible data;
5. An unspecified vulnerability in the Hotspot subcomponent of Java SE and Java SE Embedded can be exploited remotely by convincing a user to run untrusted code to get write access to some of Java SE, Java SE Embedded accessible data;
6. Multiple unspecified vulnerabilities in the JavaFX subcomponent of Java SE can be exploited remotely by convincing a user to run untrusted code to gain privileges;
7. Multiple unspecified vulnerabilities in the Libraries subcomponent of Java SE and Java SE Embedded can be exploited remotely by convincing a user to run untrusted code to gain privileges;
8. An unspecified vulnerability in the ImageIO subcomponent of Java SE can be exploited remotely by convincing a user to run untrusted code to gain privileges;
9. Multiple unspecified vulnerabilities in the JAXP subcomponent of Java SE and Java SE Embedded can be exploited remotely by convincing a user to run untrusted code to gain privileges;
10. An unspecified vulnerability in the RMI subcomponent of Java SE and Java SE Embedded can be exploited remotely supplying data to APIs in the specified Component through a web service to gain privileges;
11. Multiple unspecified vulnerabilities in the Server subcomponent of Java Advanced Management Console can be exploited remotely via unknown vectors to get read/write access to some of Java Advanced Management Console accessible data and cause a denial of service;
12. An unspecified vulnerability in the Deployment subcomponent of Java SE can be exploited remotely by convincing a user to run untrusted code to get write access to some of Java SE accessible data;
13. An unspecified vulnerability in the RMI subcomponent of Java SE and Java SE Embedded can be exploited remotely by convincing a user to run untrusted code to gain privileges;
14. An unspecified vulnerability in the Serialization subcomponent of Java SE, Java SE Embedded and JRockit can be exploited remotely via sandboxed Java Web Start applications, sandboxed Java applets or by supplying data to APIs in the specified Component through a web service to cause a denial of service;
15. An unspecified vulnerability in the Serialization subcomponent of Java SE, Java SE Embedded and JRockit can be exploited remotely by convincing a user to run untrusted code to cause a denial of service;
16. An unspecified vulnerability in the AWT subcomponent of Java SE can be exploited remotely by convincing a user to run untrusted code to gain privileges;
17. Multiple unspecified vulnerabilities in the JCE subcomponent of Java SE, Java SE Embedded, JRockit can be exploited remotely via sandboxed Java Web Start applications, sandboxed Java applets or by supplying data to APIs in the specified Component through a web service to get read access to all Java SE, Java SE Embedded, JRockit accessible data;
18. An unspecified vulnerability in the Security subcomponent of Java SE, Java SE Embedded, JRockit can be exploited remotely via sandboxed Java Web Start applications, sandboxed Java applets or by supplying data to APIs in the specified Component through a web service to gain privileges;
19. An unspecified vulnerability in the Server subcomponent of Java Advanced Management Console can be exploited remotely via unknown vectors to get read access to some of Java Advanced Management Console accessible data;
20. An unspecified vulnerability in the Deployment subcomponent of Java SE can be exploited locally via unknown vectors to gain privileges;
21. Multiple unspecified vulnerabilities in the Security subcomponent of Java SE, Java SE Embedded, JRockit can be exploited remotely via sandboxed Java Web Start applications, sandboxed Java applets or by supplying data to APIs in the specified Component through a web service to get read access to all Java SE, Java SE Embedded, JRockit accessible data;
22. An unspecified vulnerability in the Security subcomponent of Java SE and Java SE Embedded can be exploited remotely by convincing a user to run untrusted code to get read access to some of Java SE and Java SE Embedded accessible data;
23. An unspecified vulnerability in the JAX-WS subcomponent of Java SE, Java SE Embedded, JRockit can be exploited remotely via sandboxed Java Web Start applications, sandboxed Java applets or by supplying data to APIs in the specified Component through a web service to get read access to some of Java SE and Java SE Embedded accessible data and cause a denial of service;

---

Technical details

Vulnerability (20) applies to deployment of Java where the Java Auto Update is enabled.

NB: Not every vulnerability already have CVSS rating so cumulative CVSS rating can be not representative.

Первичный источник обнаружения

• Oracle Critical Patch Update - July 2017
  

Связанные продукты

• Oracle-Java-JRE-1.7.x
• Oracle-Java-JDK-1.7.x
• Oracle-Java-JDK-1.8.x
• Oracle-Java-JRE-1.8.x
• Oracle-JRockit

Список CVE

• CVE-2017-10053
  warning
• CVE-2017-10067
  high
• CVE-2017-10074
  high
• CVE-2017-10078
  high
• CVE-2017-10081
  warning
• CVE-2017-10086
  high
• CVE-2017-10087
  high
• CVE-2017-10089
  high
• CVE-2017-10090
  high
• CVE-2017-10096
  high
• CVE-2017-10102
  high
• CVE-2017-10104
  high
• CVE-2017-10105
  warning
• CVE-2017-10107
  high
• CVE-2017-10108
  warning
• CVE-2017-10109
  warning
• CVE-2017-10110
  high
• CVE-2017-10111
  high
• CVE-2017-10114
  high
• CVE-2017-10115
  warning
• CVE-2017-10116
  high
• CVE-2017-10117
  warning
• CVE-2017-10118
  warning
• CVE-2017-10121
  high
• CVE-2017-10125
  warning
• CVE-2017-10145
  high
• CVE-2017-10176
  warning
• CVE-2017-10193
  warning
• CVE-2017-10198
  warning
• CVE-2017-10243
  high

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com