It was discovered that the Security component of OpenJDK did not allow users to restrict the set of algorithms allowed for Jar integrity verification. This flaw could allow an attacker to modify content of the Jar file that used weak signing key or hash algorithm.
Platform | Package | Release Date | Advisory |
---|---|---|---|
Amazon Linux 1 | java-1.7.0-openjdk | 2017-06-06 16:33 | ALAS-2017-835 |
Amazon Linux 1 | java-1.8.0-openjdk | 2017-05-09 23:21 | ALAS-2017-827 |
Score Type | Score | Vector | |
---|---|---|---|
Amazon Linux | CVSSv3 | 3.1 | CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N |
NVD | CVSSv2 | 2.1 | AV:N/AC:H/Au:S/C:N/I:P/A:N |
NVD | CVSSv3 | 3.1 | CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N |