Search for vulnerabilities
Vulnerability details: VCID-papa-36fs-37ab
Vulnerability ID VCID-papa-36fs-37ab
Aliases CVE-2017-3241
Summary
Status Published
Exploitability 2.0
Weighted Severity 7.3
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-502 Deserialization of Untrusted Data
System Score Found at
ssvc Track http://rhn.redhat.com/errata/RHSA-2017-0175.html
ssvc Track http://rhn.redhat.com/errata/RHSA-2017-0176.html
ssvc Track http://rhn.redhat.com/errata/RHSA-2017-0177.html
ssvc Track http://rhn.redhat.com/errata/RHSA-2017-0180.html
ssvc Track http://rhn.redhat.com/errata/RHSA-2017-0263.html
ssvc Track http://rhn.redhat.com/errata/RHSA-2017-0269.html
ssvc Track http://rhn.redhat.com/errata/RHSA-2017-0336.html
ssvc Track http://rhn.redhat.com/errata/RHSA-2017-0337.html
ssvc Track http://rhn.redhat.com/errata/RHSA-2017-0338.html
ssvc Track https://access.redhat.com/errata/RHSA-2017:1216
cvssv3 8.1 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3241.json
epss 0.70166 https://api.first.org/data/v1/epss?cve=CVE-2017-3241
epss 0.70166 https://api.first.org/data/v1/epss?cve=CVE-2017-3241
epss 0.70166 https://api.first.org/data/v1/epss?cve=CVE-2017-3241
epss 0.70166 https://api.first.org/data/v1/epss?cve=CVE-2017-3241
epss 0.78326 https://api.first.org/data/v1/epss?cve=CVE-2017-3241
epss 0.78326 https://api.first.org/data/v1/epss?cve=CVE-2017-3241
epss 0.78326 https://api.first.org/data/v1/epss?cve=CVE-2017-3241
epss 0.78326 https://api.first.org/data/v1/epss?cve=CVE-2017-3241
epss 0.78326 https://api.first.org/data/v1/epss?cve=CVE-2017-3241
epss 0.78326 https://api.first.org/data/v1/epss?cve=CVE-2017-3241
epss 0.78326 https://api.first.org/data/v1/epss?cve=CVE-2017-3241
epss 0.78326 https://api.first.org/data/v1/epss?cve=CVE-2017-3241
ssvc Track https://erpscan.io/advisories/erpscan-17-006-oracle-openjdk-java-serialization-dos-vulnerability/
cvssv2 7.6 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
ssvc Track https://security.gentoo.org/glsa/201701-65
ssvc Track https://security.gentoo.org/glsa/201707-01
ssvc Track https://security.netapp.com/advisory/ntap-20170119-0001/
ssvc Track https://www.exploit-db.com/exploits/41145/
ssvc Track http://www.debian.org/security/2017/dsa-3782
ssvc Track http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html
ssvc Track http://www.securityfocus.com/bid/95488
ssvc Track http://www.securitytracker.com/id/1037637
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3241.json
https://api.first.org/data/v1/epss?cve=CVE-2017-3241
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5546
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5547
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5548
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5552
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3231
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3241
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3252
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3253
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3260
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3261
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3272
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3289
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1037637 http://www.securitytracker.com/id/1037637
1413955 https://bugzilla.redhat.com/show_bug.cgi?id=1413955
201701-65 https://security.gentoo.org/glsa/201701-65
201707-01 https://security.gentoo.org/glsa/201707-01
41145 https://www.exploit-db.com/exploits/41145/
95488 http://www.securityfocus.com/bid/95488
cpujan2017-2881727.html http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html
CVE-2017-3241 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/41145.py
dsa-3782 http://www.debian.org/security/2017/dsa-3782
erpscan-17-006-oracle-openjdk-java-serialization-dos-vulnerability https://erpscan.io/advisories/erpscan-17-006-oracle-openjdk-java-serialization-dos-vulnerability/
ntap-20170119-0001 https://security.netapp.com/advisory/ntap-20170119-0001/
RHSA-2017:0175 https://access.redhat.com/errata/RHSA-2017:0175
RHSA-2017-0175.html http://rhn.redhat.com/errata/RHSA-2017-0175.html
RHSA-2017:0176 https://access.redhat.com/errata/RHSA-2017:0176
RHSA-2017-0176.html http://rhn.redhat.com/errata/RHSA-2017-0176.html
RHSA-2017:0177 https://access.redhat.com/errata/RHSA-2017:0177
RHSA-2017-0177.html http://rhn.redhat.com/errata/RHSA-2017-0177.html
RHSA-2017:0180 https://access.redhat.com/errata/RHSA-2017:0180
RHSA-2017-0180.html http://rhn.redhat.com/errata/RHSA-2017-0180.html
RHSA-2017:0263 https://access.redhat.com/errata/RHSA-2017:0263
RHSA-2017-0263.html http://rhn.redhat.com/errata/RHSA-2017-0263.html
RHSA-2017:0269 https://access.redhat.com/errata/RHSA-2017:0269
RHSA-2017-0269.html http://rhn.redhat.com/errata/RHSA-2017-0269.html
RHSA-2017:0336 https://access.redhat.com/errata/RHSA-2017:0336
RHSA-2017-0336.html http://rhn.redhat.com/errata/RHSA-2017-0336.html
RHSA-2017:0337 https://access.redhat.com/errata/RHSA-2017:0337
RHSA-2017-0337.html http://rhn.redhat.com/errata/RHSA-2017-0337.html
RHSA-2017:0338 https://access.redhat.com/errata/RHSA-2017:0338
RHSA-2017-0338.html http://rhn.redhat.com/errata/RHSA-2017-0338.html
RHSA-2017:1216 https://access.redhat.com/errata/RHSA-2017:1216
USN-3179-1 https://usn.ubuntu.com/3179-1/
USN-3194-1 https://usn.ubuntu.com/3194-1/
USN-3198-1 https://usn.ubuntu.com/3198-1/
Data source Exploit-DB
Date added Jan. 23, 2017
Description Oracle OpenJDK Runtime Environment 1.8.0_112-b15 - Java Serialization Denial Of Service
Ransomware campaign use Known
Source publication date Jan. 23, 2017
Exploit type dos
Platform multiple
Source update date Jan. 23, 2017
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-09T19:27:16Z/ Found at http://rhn.redhat.com/errata/RHSA-2017-0175.html
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-09T19:27:16Z/ Found at http://rhn.redhat.com/errata/RHSA-2017-0176.html
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-09T19:27:16Z/ Found at http://rhn.redhat.com/errata/RHSA-2017-0177.html
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-09T19:27:16Z/ Found at http://rhn.redhat.com/errata/RHSA-2017-0180.html
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-09T19:27:16Z/ Found at http://rhn.redhat.com/errata/RHSA-2017-0263.html
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-09T19:27:16Z/ Found at http://rhn.redhat.com/errata/RHSA-2017-0269.html
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-09T19:27:16Z/ Found at http://rhn.redhat.com/errata/RHSA-2017-0336.html
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-09T19:27:16Z/ Found at http://rhn.redhat.com/errata/RHSA-2017-0337.html
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-09T19:27:16Z/ Found at http://rhn.redhat.com/errata/RHSA-2017-0338.html
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-09T19:27:16Z/ Found at https://access.redhat.com/errata/RHSA-2017:1216
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3241.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-09T19:27:16Z/ Found at https://erpscan.io/advisories/erpscan-17-006-oracle-openjdk-java-serialization-dos-vulnerability/
Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-09T19:27:16Z/ Found at https://security.gentoo.org/glsa/201701-65
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-09T19:27:16Z/ Found at https://security.gentoo.org/glsa/201707-01
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-09T19:27:16Z/ Found at https://security.netapp.com/advisory/ntap-20170119-0001/
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-09T19:27:16Z/ Found at https://www.exploit-db.com/exploits/41145/
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-09T19:27:16Z/ Found at http://www.debian.org/security/2017/dsa-3782
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-09T19:27:16Z/ Found at http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-09T19:27:16Z/ Found at http://www.securityfocus.com/bid/95488
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-09T19:27:16Z/ Found at http://www.securitytracker.com/id/1037637
Exploit Prediction Scoring System (EPSS)
Percentile 0.98619
EPSS Score 0.70166
Published At Aug. 1, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:36:19.102123+00:00 Ubuntu USN Importer Import https://usn.ubuntu.com/3198-1/ 37.0.0