Vulnerability in Oracle Jdk
CVE-2017-3526
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to ex…
EPSS: 0.011 (78.5th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 5.9 (Medium). Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H.
Affected products
- Oracle Jdk — versions 1.6, 1.7, 1.8
- Oracle Jre — versions 1.6, 1.7, 1.8
- Oracle Jrockit — versions r28.3.13
- Oracle Corporation Java — versions 7u131, Java SE: 6u141, 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13
References
- secalert_us@oracle.com (vendor-advisory, x_refsource_GENTOO)
- secalert_us@oracle.com (x_refsource_REDHAT, vendor-advisory)
- secalert_us@oracle.com (x_refsource_CONFIRM, Vendor Advisory)
- secalert_us@oracle.com (x_refsource_REDHAT, vendor-advisory)
- secalert_us@oracle.com (vdb-entry, x_refsource_SECTRACK)
- secalert_us@oracle.com (vendor-advisory, x_refsource_DEBIAN)
- secalert_us@oracle.com (x_refsource_REDHAT, vendor-advisory)
- secalert_us@oracle.com (x_refsource_REDHAT, vendor-advisory)
- secalert_us@oracle.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)
- secalert_us@oracle.com (x_refsource_REDHAT, vendor-advisory)
Frequently asked questions
- What is CVE-2017-3526?
- CVE-2017-3526 is a medium-severity vulnerability in Oracle Jdk. CVSS score: 5.9/10. Published 2017-04-24.
- How severe is CVE-2017-3526?
- Medium severity. CVSS v3 base score is 5.9 out of 10.