It was discovered that the Kerberos client implementation in the Libraries component of OpenJDK used the sname field from the plaintext part, rather than the encrypted part, of the KDC reply message. A man-in-the-middle attacker could possibly use this flaw to impersonate Kerberos services to Java applications acting as Kerberos clients.
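
The check this flaw concerns, as an added example (not OpenJDK code and not part of the original advisory): a simplified Python model that contrasts a client trusting the cleartext sname with one that takes it from the protected part. An HMAC stands in for the protection of the encrypted part, and all function names, keys and principals are constructed for illustration.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass

# Simplified model of a KDC reply (constructed; no real ASN.1 or Kerberos crypto).
# An HMAC under the client's reply key stands in for the encrypted part's protection.

@dataclass
class KdcReply:
    ticket_sname: str  # sname in the cleartext part, not protected in transit
    enc_part: bytes    # protected body carrying the sname the KDC issued for
    enc_mac: bytes     # integrity tag over enc_part

def seal(reply_key, sname):
    body = json.dumps({"sname": sname}).encode()
    return body, hmac.new(reply_key, body, hashlib.sha256).digest()

def open_enc_part(reply_key, reply):
    expected = hmac.new(reply_key, reply.enc_part, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, reply.enc_mac):
        raise ValueError("enc-part integrity check failed")
    return json.loads(reply.enc_part)

def accept_cleartext_sname(requested, reply_key, reply):
    """Flawed pattern: the service identity is read from the unprotected field."""
    open_enc_part(reply_key, reply)  # protected part verifies, but its sname is ignored
    if reply.ticket_sname != requested:
        raise ValueError("sname mismatch")
    return reply.ticket_sname

def accept_protected_sname(requested, reply_key, reply):
    """Corrected pattern: the service identity is read from the protected part."""
    enc = open_enc_part(reply_key, reply)
    if enc["sname"] != requested:
        raise ValueError("sname mismatch")
    return enc["sname"]

def demo():
    key = b"constructed-reply-key"
    requested = "HTTP/app.example.test"
    # Constructed inconsistent reply: the two sname fields disagree.
    body, mac = seal(key, "HTTP/other.example.test")
    reply = KdcReply(ticket_sname=requested, enc_part=body, enc_mac=mac)
    flawed = accept_cleartext_sname(requested, key, reply)
    try:
        checked = accept_protected_sname(requested, key, reply)
    except ValueError as exc:
        checked = str(exc)
    return flawed, checked
```

`demo()` returns the flawed client's accepted name alongside the corrected client's rejection reason for the same inconsistent reply.
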
Find out more about CVE-2017-10388 from the MITRE CVE dictionary and NIST NVD.
CVSS3 Base Score | 6.8 |
---|---|
CVSS3 Base Metrics | CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N |
Attack Vector | Network |
Attack Complexity | High |
Privileges Required | None |
User Interaction | Required |
Scope | Unchanged |
Confidentiality | High |
Integrity Impact | High |
Availability Impact | None |

Platform | Errata | Release Date |
---|---|---|
Red Hat Enterprise Linux 7 (java-1.7.0-openjdk) | RHSA-2017:3392 | 2017-12-06 |
Red Hat Enterprise Linux Supplementary (v. 7) (java-1.7.1-ibm) | RHSA-2017:3268 | 2017-11-28 |
Red Hat Enterprise Linux 7 (java-1.8.0-openjdk) | RHSA-2017:2998 | 2017-10-20 |
Red Hat Enterprise Linux 6 (java-1.8.0-openjdk) | RHSA-2017:2998 | 2017-10-20 |
Oracle Java for Red Hat Enterprise Linux 7 (java-1.6.0-sun) | RHSA-2017:3047 | 2017-10-24 |
Red Hat Enterprise Linux Supplementary (v. 7) (java-1.8.0-ibm) | RHSA-2017:3264 | 2017-11-27 |
Oracle Java for Red Hat Enterprise Linux 6 (java-1.7.0-oracle) | RHSA-2017:3046 | 2017-10-24 |
Oracle Java for Red Hat Enterprise Linux 7 (java-1.8.0-oracle) | RHSA-2017:2999 | 2017-10-23 |
Oracle Java for Red Hat Enterprise Linux 6 (java-1.8.0-oracle) | RHSA-2017:2999 | 2017-10-23 |
Oracle Java for Red Hat Enterprise Linux 7 (java-1.7.0-oracle) | RHSA-2017:3046 | 2017-10-24 |
Red Hat Enterprise Linux Supplementary (v. 6) (java-1.7.1-ibm) | RHSA-2017:3268 | 2017-11-28 |
Red Hat Enterprise Linux Supplementary (v. 6) (java-1.8.0-ibm) | RHSA-2017:3267 | 2017-11-28 |
Red Hat Enterprise Linux 6 (java-1.7.0-openjdk) | RHSA-2017:3392 | 2017-12-06 |
Oracle Java for Red Hat Enterprise Linux 6 (java-1.6.0-sun) | RHSA-2017:3047 | 2017-10-24 |
Red Hat Satellite 5.8 (RHEL v.6) (java-1.8.0-ibm) | RHSA-2017:3453 | 2017-12-13 |

Platform | Package | State |
---|---|---|
Red Hat Satellite 5 | java-1.7.1-ibm | Affected |
Red Hat Enterprise Linux 6 | java-1.6.0-ibm | Will not fix |