How severe is CVE-2017-3526?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.9 out of 10.

What type of vulnerability is CVE-2017-3526?

This is classified as NVD-CWE-Other, which is a common weakness in software security.

CVE-2017-3526

MEDIUM Year: 2017

CVSS v3 Score

5.9

Medium

CVSS v2 Score

7.1

High

Weakness Type

NVD-CWE-Other

View all →

Vulnerability Description

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).

CVE-2004-1464

MEDIUM

CVSS:5.9(Medium)

Cisco IOS 12.2(15) and earlier allows remote attackers to cause a denial of service (refused VTY (virtual terminal) connections), via a crafted TCP connection to the Telnet or reverse Telnet port.

NVD-CWE-Other2004

CVE-2015-5370

MEDIUM

CVSS:5.9(Medium)

Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not properly implement the DCE-RPC layer, which allows remote attackers to perform protocol-downgrade attacks, cause a ...

NVD-CWE-Other2015

CVE-2015-7744

MEDIUM

CVSS:5.9(Medium)

wolfSSL (formerly CyaSSL) before 3.6.8 does not properly handle faults associated with the Chinese Remainder Theorem (CRT) process when allowing ephemeral key exchange without low memory optimizations...

NVD-CWE-Other2015

CVE-2015-8158

MEDIUM

CVSS:5.9(Medium)

The getresponse function in ntpq in NTP versions before 4.2.8p9 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (infinite loop) via crafted packets with incorrect values.

NVD-CWE-Other2015

CVE-2015-8288

MEDIUM

CVSS:5.9(Medium)

NETGEAR D3600 devices with firmware 1.0.0.49 and D6000 devices with firmware 1.0.0.49 and earlier use the same hardcoded private key across different customers' installations, which allows remote atta...

NVD-CWE-Other2015

CVE-2016-0677

MEDIUM

CVSS:5.9(Medium)

Unspecified vulnerability in the RDBMS Security component in Oracle Database Server 12.1.0.1 and 12.1.0.2 allows remote attackers to affect availability via unknown vectors.

NVD-CWE-Other2016

CVE-2017-3526

Vulnerability Description

Related Vulnerabilities

CVE-2004-1464

CVE-2015-5370

CVE-2015-7744

CVE-2015-8158

CVE-2015-8288

CVE-2016-0677