~ubuntu-security/ubuntu-cve-tracker/master

PublicDateAtUSN: 2017-07-20
Candidate: CVE-2017-10243
PublicDate: 2017-08-08
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10243
 http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html#AppendixJAVA
 http://www.oracle.com/technetwork/security-advisory/cpujul2017verbose-3236625.html#JAVA
 http://www.ubuntu.com/usn/usn-3366-1
 http://www.ubuntu.com/usn/usn-3396-1
Description:
 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle
 Java SE (subcomponent: JAX-WS). Supported versions that are affected are
 Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit:
 R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker
 with network access via multiple protocols to compromise Java SE, Java SE
 Embedded, JRockit. Successful attacks of this vulnerability can result in
 unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit
 accessible data and unauthorized ability to cause a partial denial of
 service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This
 vulnerability can be exploited through sandboxed Java Web Start
 applications and sandboxed Java applets. It can also be exploited by
 supplying data to APIs in the specified Component without using sandboxed
 Java Web Start applications or sandboxed Java applets, such as through a
 web service. CVSS 3.0 Base Score 6.5 (Confidentiality and Availability
 impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L).
Ubuntu-Description:
 It was discovered that OpenJDK did not properly perform access control
 checks when handling Web Service Definition Language (WSDL) XML
 documents. An attacker could use this to expose sensitive information.
Notes:
Bugs:
Priority: low
Discovered-by:
Assigned-to:

Patches_openjdk-7:
upstream_openjdk-7: needs-triage
precise/esm_openjdk-7: DNE
trusty_openjdk-7: released (7u151-2.6.11-0ubuntu1.14.04.1)
vivid/ubuntu-core_openjdk-7: DNE
xenial_openjdk-7: DNE
yakkety_openjdk-7: DNE
zesty_openjdk-7: DNE
devel_openjdk-7: DNE

Patches_openjdk-6:
upstream_openjdk-6: needs-triage
precise/esm_openjdk-6: DNE
trusty_openjdk-6: needs-triage
vivid/ubuntu-core_openjdk-6: DNE
xenial_openjdk-6: DNE
yakkety_openjdk-6: DNE
zesty_openjdk-6: DNE
devel_openjdk-6: DNE

Patches_openjdk-9:
upstream_openjdk-9: needs-triage
precise/esm_openjdk-9: DNE
trusty_openjdk-9: DNE
vivid/ubuntu-core_openjdk-9: DNE
xenial_openjdk-9: needs-triage
yakkety_openjdk-9: ignored (reached end-of-life)
zesty_openjdk-9: needs-triage
devel_openjdk-9: needs-triage

Patches_openjdk-8:
 upstream: http://hg.openjdk.java.net/jdk8u/jdk8u/jaxws/rev/65d3b0e44551
upstream_openjdk-8: needs-triage
precise/esm_openjdk-8: DNE
trusty_openjdk-8: DNE
vivid/ubuntu-core_openjdk-8: DNE
xenial_openjdk-8: released (8u131-b11-2ubuntu1.16.04.2)
yakkety_openjdk-8: ignored (reached end-of-life)
zesty_openjdk-8: released (8u131-b11-2ubuntu1.17.04.2)
devel_openjdk-8: not-affected (8u141-b15-1)