CVE-2017-10355 : What You Need to Know

Oracle Java SE, Java SE Embedded, and JRockit Networking component vulnerability.

Understanding CVE-2017-10355

A vulnerability in Oracle Java SE, Java SE Embedded, and JRockit could allow unauthorized network-based attacks.

What is CVE-2017-10355?

The Networking component of Oracle Java SE, Java SE Embedded, and JRockit is vulnerable to exploitation by unauthenticated attackers with network access through various protocols. The affected versions include Java SE: 6u161, 7u151, 8u144, and 9; Java SE Embedded: 8u144; JRockit: R28.3.15.

The Impact of CVE-2017-10355

Successful exploitation could lead to a partial denial of service (partial DOS) for Java SE, Java SE Embedded, and JRockit.
The vulnerability can be exploited through sandboxed Java Web Start applications, sandboxed Java applets, or by providing data to APIs without using sandboxed applications.

Technical Details of CVE-2017-10355

A vulnerability in the Networking component of Oracle Java SE, Java SE Embedded, and JRockit.

Vulnerability Description

Easily exploitable vulnerability allowing unauthenticated attackers to compromise Java SE, Java SE Embedded, and JRockit.
Successful attacks could result in unauthorized partial denial of service.

Affected Systems and Versions

Java SE: 6u161, 7u151, 8u144, 9
Java SE Embedded: 8u144
JRockit: R28.3.15

Exploitation Mechanism

Attackers with network access via multiple protocols can exploit the vulnerability.

Mitigation and Prevention

Steps to address and prevent the CVE-2017-10355 vulnerability.

Immediate Steps to Take

Apply security patches provided by Oracle promptly.
Monitor Oracle's security advisories for updates.

Long-Term Security Practices

Implement network security measures to restrict unauthorized access.
Regularly update and patch Java installations.

Patching and Updates

Stay informed about security updates and apply them as soon as they are released.