On July 18, 2017, Oracle released a security publication announcing multiple vulnerabilities. Successful exploitation allows remote users to access and modify data on the target system, gain escalated privileges, and cause a denial of service (DoS). The publication covers multiple security vulnerabilities and is rated high risk.
See the following for more information about the vulnerabilities.
CVE identifier
CVE-2017-10053, CVE-2017-10067, CVE-2017-10074, CVE-2017-10078, CVE-2017-10081, CVE-2017-10086, CVE-2017-10087, CVE-2017-10089, CVE-2017-10090, CVE-2017-10096, CVE-2017-10101, CVE-2017-10102, CVE-2017-10104, CVE-2017-10105, CVE-2017-10107, CVE-2017-10108, CVE-2017-10109, CVE-2017-10110, CVE-2017-10111, CVE-2017-10114, CVE-2017-10115, CVE-2017-10116, CVE-2017-10117, CVE-2017-10118, CVE-2017-10121, CVE-2017-10125, CVE-2017-10135, CVE-2017-10145, CVE-2017-10176, CVE-2017-10193, CVE-2017-10198, CVE-2017-10243
Vulnerability name
Multiple Java vulnerabilities
Vulnerability rating
High
Vulnerability description
A remote user can exploit a flaw in the AWT component to gain elevated privileges [CVE-2017-10110].
A remote user can exploit a flaw in the ImageIO component to gain elevated privileges [CVE-2017-10089].
A remote user can exploit a flaw in the JavaFX component to gain elevated privileges [CVE-2017-10086].
A remote user can exploit a flaw in the JAXP component to gain elevated privileges [CVE-2017-10096].
A remote user can exploit a flaw in the JAXP component to gain elevated privileges [CVE-2017-10101].
A remote user can exploit a flaw in the Libraries component to gain elevated privileges [CVE-2017-10087, CVE-2017-10090, and CVE-2017-10111].
A remote user can exploit a flaw in the RMI component to gain elevated privileges [CVE-2017-10107, CVE-2017-10102].
A remote user can exploit a flaw in the JavaFX component to gain elevated privileges [CVE-2017-10114].
A remote user can exploit a flaw in the Hotspot component to gain elevated privileges [CVE-2017-10074].
A remote user can exploit a flaw in the Security component to gain elevated privileges [CVE-2017-10116].
A remote authenticated user can exploit a flaw in the Scripting component to access and modify data [CVE-2017-10078].
A remote user can exploit a flaw in the Security component to gain elevated privileges [CVE-2017-10067].
A remote user can exploit a flaw in the JCE component to access data [CVE-2017-10115, CVE-2017-10118].
A remote user can exploit a flaw in the Security component to access data [CVE-2017-10176].
A remote authenticated user can exploit a flaw in the Server component to partially access data, partially modify data, and partially deny service [CVE-2017-10104, CVE-2017-10145].
A local user can exploit a flaw in the Deployment component to gain elevated privileges [CVE-2017-10125].
A remote user can exploit a flaw in the Security component to access data [CVE-2017-10198].
A remote user can exploit a flaw in the JAX-WS component to partially access data and cause partial denial of service conditions [CVE-2017-10243].
A remote user can exploit a flaw in the Server component to partially access and partially modify data [CVE-2017-10121].
A remote user can exploit a flaw in the JCE component to access data [CVE-2017-10135].
A remote user can exploit a flaw in the Server component to partially access data [CVE-2017-10117].
A remote user can exploit a flaw in the 2D component to cause partial denial of service conditions [CVE-2017-10053].
A remote user can exploit a flaw in the Serialization component to cause partial denial of service conditions [CVE-2017-10108, CVE-2017-10109].
A remote user can exploit a flaw in the Deployment component to partially modify data [CVE-2017-10105].
A remote user can exploit a flaw in the Hotspot component to partially modify data [CVE-2017-10081].
A remote user can exploit a flaw in the Security component to partially access data [CVE-2017-10193].
Condition and method of exploitation
The vulnerabilities can be exploited remotely or locally.
Affected scope
- Java 6 Update 151
- Java 7 Update 141
- Java 8 Update 131
Vulnerability detection
Check whether any affected version of Java is used.
How to fix or mitigate
The vendor has released a new version on its official website that fixes the vulnerabilities. Upgrade Java to Java 8 Update 141.
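One way to carry out the detection check above, as an added example that is not part of the original advisory: it parses the legacy `java -version` banner and compares it with the affected updates and the fixed release named on this page. The function names, the sample host names and banners, and the `include_older` option (which treats updates older than a listed one as affected) are assumptions of this example.

```python
import re
import subprocess

# Updates named under "Affected scope", keyed by Java family (6, 7, 8).
AFFECTED_UPDATE = {6: 151, 7: 141, 8: 131}
# Fixed release named under "How to fix or mitigate": Java 8 Update 141.
FIXED = (8, 141)
# Legacy banner used by Java 6-8, e.g.  java version "1.8.0_131"
BANNER_RE = re.compile(r'version "1\.(\d+)\.\d+(?:_(\d+))?')


def parse_banner(banner):
    """Return (family, update) parsed from `java -version` output, else None."""
    m = BANNER_RE.search(banner)
    return (int(m.group(1)), int(m.group(2) or 0)) if m else None


def classify(banner, include_older=True):
    """Return 'affected', 'fixed' or 'unknown' for a version banner.

    include_older is an assumption of this example: updates older than the
    listed one are treated as affected too. Pass False to match only the
    exact updates the advisory lists.
    """
    parsed = parse_banner(banner)
    if parsed is None or parsed[0] not in AFFECTED_UPDATE:
        return "unknown"  # not a Java 6/7/8 banner; the page does not cover it
    family, update = parsed
    listed = AFFECTED_UPDATE[family]
    if update == listed or (include_older and update < listed):
        return "affected"
    # Assumption: Java 8 updates after 141 keep the fix.
    if family == FIXED[0] and update >= FIXED[1]:
        return "fixed"
    return "unknown"  # newer update in a family the page names no fix for


# Constructed sample banners (not captured from real hosts).
SAMPLES = {
    "build-01": 'java version "1.8.0_131"\nJava(TM) SE Runtime Environment',
    "app-02": 'openjdk version "1.8.0_141"\nOpenJDK Runtime Environment',
    "legacy-03": 'java version "1.7.0_80"',
}

if __name__ == "__main__":
    for host, banner in SAMPLES.items():
        print(host, classify(banner))
    try:  # `java -version` writes its banner to stderr
        proc = subprocess.run(["java", "-version"], capture_output=True, text=True)
        print("local", classify(proc.stderr + proc.stdout))
    except FileNotFoundError:
        print("local", "no java on PATH")
```

A result of `unknown` means the page gives no basis for a verdict (for example a Java 7 update newer than 141, or a Java 9+ banner), so check those hosts against the vendor advisory directly.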
Reference
[1]. http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
[2]. http://www.securitytracker.com/id/1038931