It was discovered that the Security component of OpenJDK did not allow users to restrict the set of algorithms allowed for Jar integrity verification. This flaw could allow an attacker to modify content of the Jar file that used weak signing key or hash algorithm.
Find out more about CVE-2017-3539 from the MITRE CVE dictionary dictionary and NIST NVD.
CVSS3 Base Score | 3.1 |
---|---|
CVSS3 Base Metrics | CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N |
Attack Vector | Network |
Attack Complexity | High |
Privileges Required | None |
User Interaction | Required |
Scope | Unchanged |
Confidentiality | None |
Integrity Impact | Low |
Availability Impact | None |
Platform | Errata | Release Date |
---|---|---|
Red Hat Enterprise Linux Supplementary (v. 6) (java-1.6.0-ibm) | RHSA-2017:1222 | 2017-05-10 |
Oracle Java for Red Hat Enterprise Linux 7 (java-1.6.0-sun) | RHSA-2017:1119 | 2017-04-24 |
Red Hat Enterprise Linux Supplementary (v. 6) (java-1.7.1-ibm) | RHSA-2017:1221 | 2017-05-10 |
Red Hat Enterprise Linux Supplementary (v. 6) (java-1.8.0-ibm) | RHSA-2017:1220 | 2017-05-10 |
Red Hat Enterprise Linux 7 (java-1.7.0-openjdk) | RHSA-2017:1204 | 2017-05-09 |
Red Hat Enterprise Linux 6 (java-1.8.0-openjdk) | RHSA-2017:1109 | 2017-04-20 |
Red Hat Enterprise Linux 7 (java-1.8.0-openjdk) | RHSA-2017:1108 | 2017-04-21 |
Red Hat Satellite 5.8 (RHEL v.6) (java-1.8.0-ibm) | RHSA-2017:3453 | 2017-12-13 |
Red Hat Enterprise Linux Supplementary (v. 7) (java-1.8.0-ibm) | RHSA-2017:1220 | 2017-05-10 |
Red Hat Enterprise Linux Supplementary (v. 7) (java-1.7.1-ibm) | RHSA-2017:1221 | 2017-05-10 |
Oracle Java for Red Hat Enterprise Linux 6 (java-1.8.0-oracle) | RHSA-2017:1117 | 2017-04-24 |
Oracle Java for Red Hat Enterprise Linux 7 (java-1.7.0-oracle) | RHSA-2017:1118 | 2017-04-24 |
Oracle Java for Red Hat Enterprise Linux 6 (java-1.6.0-sun) | RHSA-2017:1119 | 2017-04-24 |
Oracle Java for Red Hat Enterprise Linux 6 (java-1.7.0-oracle) | RHSA-2017:1118 | 2017-04-24 |
Oracle Java for Red Hat Enterprise Linux 7 (java-1.8.0-oracle) | RHSA-2017:1117 | 2017-04-24 |
Red Hat Enterprise Linux 6 (java-1.7.0-openjdk) | RHSA-2017:1204 | 2017-05-09 |
Platform | Package | State |
---|---|---|
Red Hat Satellite 5 | java-1.7.1-ibm | Will not fix |
Red Hat Satellite 5 | java-1.6.0-ibm | Will not fix |
Red Hat Enterprise Linux 5 | java-1.6.0-sun | Will not fix |
Red Hat Enterprise Linux 5 | java-1.7.0-oracle | Will not fix |
Red Hat Enterprise Linux 5 | java-1.7.0-openjdk | Will not fix |