SB2017102607 - Amazon Linux AMI update for java-1.8.0-openjdk
Published: October 26, 2017
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 14 vulnerabilities.
1) Denial of service (CVE-ID: CVE-2017-10281)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to cause DoS condition.
The weakness exists due to a flaw in the Serialization component. A remote attacker can trigger partial denial of service on the target system.
2) Improper access control (CVE-ID: CVE-2017-10345)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to cause DoS condition.
The weakness exists due to a flaw in the Serialization component. A remote attacker can trigger partial denial of service.
3) Privilege escalation (CVE-ID: CVE-2017-10346)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to gain elevated privileges.
The weakness exists due to a flaw in the Hotspot component. A remote attacker can escalate his privileges on the target system.
4) Denial of service (CVE-ID: CVE-2017-10347)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to cause DoS condition.
The weakness exists due to a flaw in the Serialization component. A remote attacker can trigger partial denial of service on the target system.
5) Privilege escalation (CVE-ID: CVE-2017-10285)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to gain elevated privileges.
The weakness exists due to a flaw in the RMI component. A remote attacker can escalate his privileges on the target system.
6) Improper access control (CVE-ID: CVE-2017-10356)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The weakness exists due to a flaw in the Security component. A remote attacker can gain unauthorized access to sensitive information.
7) Improper access control (CVE-ID: CVE-2017-10355)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear
The vulnerability allows a remote attacker to cause DoS condition.
The weakness exists due to a flaw in the Networking component. A remote attacker can trigger partial denial of service.
8) Improper access control (CVE-ID: CVE-2017-10295)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to access potentially sensitive information.
The weakness exists due to a flaw in the Javadoc component. A remote attacker can partially modify arbitrary files on the target system.
9) Improper access control (CVE-ID: CVE-2017-10348)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to cause DoS condition.
The weakness exists due to a flaw in the Libraries component. A remote attacker can trigger partial denial of service.
10) Improper access control (CVE-ID: CVE-2017-10349)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to cause DoS condition.
The weakness exists due to a flaw in the JAXP component. A remote attacker can trigger partial denial of service.
11) Improper access control (CVE-ID: CVE-2017-10350)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to cause DoS condition.
The weakness exists due to a flaw in the JAX-WS component. A remote attacker can trigger partial denial of service.
12) Improper access control (CVE-ID: CVE-2017-10274)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to access potentially sensitive information.
The weakness exists due to a flaw in the Smart Card IO component. A remote attacker can read and modify arbitrary files on the target system.
13) Improper access control (CVE-ID: CVE-2017-10357)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to cause DoS condition.
The weakness exists due to a flaw in the Serialization component. A remote attacker can trigger partial denial of service.
14) Privilege escalation (CVE-ID: CVE-2017-10388)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to gain elevated privileges.
The weakness exists due to a flaw in the Libraries component. A remote attacker can escalate his privileges on the target system.
Remediation
Install update from vendor's website.