CVE-2017-10108

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

公開: 2017-08-08 最後更新: 2026-06-16 指派方: [email protected] 來源: [email protected]

結論預警: CVE-2017-10108 綜合評估為中等風險(53.9/100):CVSS 技術影響為中級,利用機率(EPSS 3.11%) 核心證據: 近一日 EPSS 上升 +2.61%,被利用關注度持續升高。 強制指令: 梳理受影響資產並納入修補計畫。

風險隨態勢動態變化;本站持續評估並同步更新本頁展示內容。

CVE-2017-10108 的 EPSS(利用預測評分)

EPSS 日更估計相對被利用可能性;百分位表示該 CVE 在已評分漏洞中的相對排名(越高表示相對更嚴重)。

# 日期 舊 EPSS 分數 新 EPSS 分數 變化(新 − 舊)
1 2026-06-15 0.50% 3.11% +2.61%
2 2026-05-13 0.61% 0.50% -0.11%
3 2026-04-24 0.61%

完整 EPSS 歷史 (共 21 筆)

CVE-2017-10108 的 CVSS 指標

該 CVE 的 CVSS 指標。

底座分 版本 嚴重度 向量 可利用性 影響 分數來源
5.3 3.1 MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 點擊展開
攻擊向量 (AV:N)
可經網際網路或企業內可路由網段從遠端觸達,攻擊者不必在裝置旁邊。
攻擊複雜度 (AC:L)
前置條件清楚,成功路徑穩定,不必仰賴罕見競態或極端環境。
權限需求 (PR:N)
不必事先登入或提權,匿名工作階段也可能成為跳板。
使用者互動 (UI:N)
不必受害者點連結、放行巨集或安裝軟體,攻擊鏈可自動走完。
作用域 (S:U)
破壞局限在脆弱元件原本的安全權限與信任域之內。
機密性影響 (C:N)
幾乎談不上實質的敏感資料外洩。
完整性影響 (I:N)
對紀錄真實性與不可否認性的破壞可忽略。
可用性影響 (A:L)
出現明顯延遲、間歇性故障或局部功能不可用,但可用維運手段緩解。
3.9 1.4 [email protected]
5.0 2.0 MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P 點擊展開
存取路徑 (AV:N)
只要路由可達,即可從遠端發動利用。
存取複雜度 (AC:L)
步驟短、路徑清楚,重現成本低。
認證 (AU:N)
全程無需有效身分。
機密性影響 (C:N)
對機密性無影響。
完整性影響 (I:N)
對完整性無影響。
可用性影響 (A:P)
可用性受到部分損害。
10.0 2.9 [email protected]

CVE-2017-10108 的弱點列舉

CVE-2017-10108 的 OS 追蹤

vendor priority summary link
debian not yet assigned CVE-2017-10108 not yet assigned priority: Debian including 1 source packages (openjdk-8), 1 status rows across 1 suites (sid): resolved 1. https://security-tracker.debian.org/tracker/CVE-2017-10108
gentoo normal CVE-2017-10108: 1 GLSA(s) (201709-22), 3 atom(s) (dev-java/icedtea-bin, dev-java/oracle-jdk-bin, dev-java/oracle-jre-bin); latest impact normal. https://bugs.gentoo.org/buglist.cgi?quicksearch=CVE-2017-10108
redhat medium https://access.redhat.com/security/cve/CVE-2017-10108
suse medium CVE-2017-10108 severity moderate: SUSE including 152 source package names (java-1.7.0-openjdk-1.7.0.151-2.6.11.1.el7_4, java-1.7.0-openjdk-accessibility-1.7.0.151-2.6.11.1.el7_4, …), 366 product×package rows across 54 product lines (Image SLES12-SP5-Azure-SAP-BYOS, Image SLES12-SP5-Azure-SAP-On-Demand, … (54 product lines)): Fixed 329, Known Not Affected 37. https://www.suse.com/security/cve/CVE-2017-10108/
ubuntu low CVE-2017-10108 low priority: Ubuntu including 4 source packages (openjdk-6, openjdk-7, openjdk-8, openjdk-9), 60 status rows across 15 suites (artful, bionic, cosmic, disco, eoan, focal, groovy, hirsute, impish, jammy, trusty, upstream, xenial, yakkety, zesty): DNE 38, not-affected 12, needs-triage 4, ignored 3, released 3. https://ubuntu.com/security/CVE-2017-10108

CVE-2017-10108 的影響軟體 / 設定

廠商 產品 版本 原始 CPE
oracle jdk 1.6.0 cpe:2.3:a:oracle:jdk:1.6.0:update151:*:*:*:*:*:*
oracle jdk 1.7.0 cpe:2.3:a:oracle:jdk:1.7.0:update141:*:*:*:*:*:*
oracle jdk 1.8.0 cpe:2.3:a:oracle:jdk:1.8.0:update131:*:*:*:*:*:*
oracle jre 1.6.0 cpe:2.3:a:oracle:jre:1.6.0:update151:*:*:*:*:*:*
oracle jre 1.7.0 cpe:2.3:a:oracle:jre:1.7.0:update141:*:*:*:*:*:*
oracle jre 1.8.0 cpe:2.3:a:oracle:jre:1.8.0:update131:*:*:*:*:*:*
oracle jrockit r28.3.14 cpe:2.3:a:oracle:jrockit:r28.3.14:*:*:*:*:*:*:*
debian debian_linux 8.0 cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
debian debian_linux 9.0 cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
phoenixcontact fl_mguard_dm <= 1.8.0 cpe:2.3:a:phoenixcontact:fl_mguard_dm:*:*:*:*:*:*:*:*
redhat satellite 5.8 cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*
redhat enterprise_linux_desktop 6.0 cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
redhat enterprise_linux_desktop 7.0 cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
redhat enterprise_linux_eus 7.3 cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*
redhat enterprise_linux_eus 7.4 cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*
redhat enterprise_linux_eus 7.5 cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*
redhat enterprise_linux_eus 7.6 cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*
redhat enterprise_linux_eus 7.7 cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*
redhat enterprise_linux_server 6.0 cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
redhat enterprise_linux_server 7.0 cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
redhat enterprise_linux_server_aus 7.3 cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
redhat enterprise_linux_server_aus 7.4 cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
redhat enterprise_linux_server_aus 7.6 cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
redhat enterprise_linux_server_aus 7.7 cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*
redhat enterprise_linux_server_tus 7.3 cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*
redhat enterprise_linux_server_tus 7.4 cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*
redhat enterprise_linux_server_tus 7.6 cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
redhat enterprise_linux_server_tus 7.7 cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*
redhat enterprise_linux_workstation 6.0 cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
redhat enterprise_linux_workstation 7.0 cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
netapp active_iq_unified_manager >= 7.3 cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*
netapp active_iq_unified_manager >= 9.5 cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*
netapp cloud_backup cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
netapp e-series_santricity_os_controller >= 11.0, <= 11.70.1 cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*
netapp e-series_santricity_storage_manager cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*
netapp element_software cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*
netapp oncommand_balance cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*
netapp oncommand_insight cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
netapp oncommand_performance_manager cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:*:*:*
netapp oncommand_shift cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*
netapp oncommand_unified_manager <= 7.1 cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*
netapp oncommand_unified_manager cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*
netapp oncommand_unified_manager 7.1 cpe:2.3:a:netapp:oncommand_unified_manager:7.1:*:*:*:*:vsphere:*:*
netapp plug-in_for_symantec_netbackup cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*
netapp snapmanager cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*
netapp snapmanager cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*
netapp steelstore_cloud_integrated_storage cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
netapp storage_replication_adapter_for_clustered_data_ontap >= 7.2 cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*
netapp storage_replication_adapter_for_clustered_data_ontap 9.6 cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:9.6:*:*:*:*:vmware_vsphere:*:*
netapp vasa_provider_for_clustered_data_ontap >= 7.2 cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*
netapp vasa_provider_for_clustered_data_ontap 6.0 cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0:*:*:*:*:*:*:*
netapp virtual_storage_console >= 7.2 cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*
netapp virtual_storage_console 6.0 cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:*:vmware_vsphere:*:*

CVE-2017-10108 的參考連結

URL 標籤
http://www.debian.org/security/2017/dsa-3919 Third Party Advisory
http://www.debian.org/security/2017/dsa-3954 Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html Patch Vendor Advisory
http://www.securityfocus.com/bid/99846 Broken Link
http://www.securitytracker.com/id/1038931 Broken Link
https://access.redhat.com/errata/RHSA-2017:1789 Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1790 Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1791 Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1792 Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2424 Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2469 Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2481 Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2530 Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3453 Third Party Advisory
https://cert.vde.com/en-us/advisories/vde-2017-002 Third Party Advisory
https://security.gentoo.org/glsa/201709-22 Third Party Advisory
https://security.netapp.com/advisory/ntap-20170720-0001/ Third Party Advisory
cvelogic Threat Intelligence