Fluid Attacks Database

Description

It was found that the FtpClient implementation in the Networking component of OpenJDK did not set connect and read timeouts by default. A malicious FTP server or a man-in-the-middle attacker could use this flaw to block execution of a Java application connecting to an FTP server.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
rpm rhel6	java-1.8.0-openjdk	<1:1.8.0.151-1.b12.el6_9	1:1.8.0.151-1.b12.el6_9
rpm rhel7	java-1.7.0-openjdk	<1:1.7.0.161-2.6.12.0.el7_4	1:1.7.0.161-2.6.12.0.el7_4
rpm rhel6	java-1.7.0-openjdk	<1:1.7.0.161-2.6.12.0.el6_9	1:1.7.0.161-2.6.12.0.el6_9
rpm rhel6	java-1.6.0-ibm	-	-
rpm rhel7	java-1.8.0-openjdk	<1:1.8.0.151-1.b12.el7_4	1:1.8.0.151-1.b12.el7_4

Aliases

1. CVE-2017-103552. NVD-2017-103553. OSV-2017-10355

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.