CVE-2017-3241

9.0 CRITICAL

Published: January 27, 2017 Modified: May 13, 2026

Description

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS v3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts).

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2017-0175.html

Source: secalert_us@oracle.com

http://rhn.redhat.com/errata/RHSA-2017-0176.html

Source: secalert_us@oracle.com

http://rhn.redhat.com/errata/RHSA-2017-0177.html

Source: secalert_us@oracle.com

http://rhn.redhat.com/errata/RHSA-2017-0180.html

Source: secalert_us@oracle.com

http://rhn.redhat.com/errata/RHSA-2017-0263.html

Source: secalert_us@oracle.com

http://rhn.redhat.com/errata/RHSA-2017-0269.html

Source: secalert_us@oracle.com

http://rhn.redhat.com/errata/RHSA-2017-0336.html

Source: secalert_us@oracle.com

http://rhn.redhat.com/errata/RHSA-2017-0337.html

Source: secalert_us@oracle.com

http://rhn.redhat.com/errata/RHSA-2017-0338.html

Source: secalert_us@oracle.com

http://www.debian.org/security/2017/dsa-3782

Source: secalert_us@oracle.com

http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html

Source: secalert_us@oracle.com

Patch Vendor Advisory

http://www.securityfocus.com/bid/95488

Source: secalert_us@oracle.com

http://www.securitytracker.com/id/1037637

Source: secalert_us@oracle.com

https://access.redhat.com/errata/RHSA-2017:1216

Source: secalert_us@oracle.com

https://erpscan.io/advisories/erpscan-17-006-oracle-openjdk-java-serialization-dos-vulnerability/

Source: secalert_us@oracle.com

https://security.gentoo.org/glsa/201701-65

Source: secalert_us@oracle.com

https://security.gentoo.org/glsa/201707-01

Source: secalert_us@oracle.com

https://security.netapp.com/advisory/ntap-20170119-0001/

Source: secalert_us@oracle.com

https://www.exploit-db.com/exploits/41145/

Source: secalert_us@oracle.com

http://rhn.redhat.com/errata/RHSA-2017-0175.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2017-0176.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2017-0177.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2017-0180.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2017-0263.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2017-0269.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2017-0336.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2017-0337.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2017-0338.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2017/dsa-3782

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html

Source: af854a3a-2127-422b-91ae-364da2661108

Patch Vendor Advisory

http://www.securityfocus.com/bid/95488

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1037637

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/errata/RHSA-2017:1216

Source: af854a3a-2127-422b-91ae-364da2661108

https://erpscan.io/advisories/erpscan-17-006-oracle-openjdk-java-serialization-dos-vulnerability/

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.gentoo.org/glsa/201701-65

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.gentoo.org/glsa/201707-01

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.netapp.com/advisory/ntap-20170119-0001/

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.exploit-db.com/exploits/41145/

Source: af854a3a-2127-422b-91ae-364da2661108

38 reference(s) from NVD

Quick Stats

CVSS v3 Score

9.0 / 10.0

EPSS (Exploit Probability)

32.8%

98th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-20

Affected Vendors

oracle

Related CVEs

CVE-2026-48777 N/A

CVE-2026-47750 7.8

CVE-2026-47747 7.8

CVE-2026-46448 5.4

CVE-2026-22313 9.1