Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle
Java SE (subcomponent: JGSS). Supported versions that are affected are Java
SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit:
R28.3.16. Difficult to exploit vulnerability allows unauthenticated
attacker with network access via multiple protocols to compromise Java SE,
Java SE Embedded, JRockit. Successful attacks require human interaction
from a person other than the attacker. Successful attacks of this
vulnerability can result in unauthorized creation, deletion or modification
access to critical data or all Java SE, Java SE Embedded, JRockit
accessible data. Note: This vulnerability applies to client and server
deployment of Java. This vulnerability can be exploited through sandboxed
Java Web Start applications and sandboxed Java applets. It can also be
exploited by supplying data to APIs in the specified Component without
using sandboxed Java Web Start applications or sandboxed Java applets, such
as through a web service. CVSS 3.0 Base Score 5.3 (Integrity impacts). CVSS
Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N).

It was discovered that the Java GSS implementation in OpenJDK in some
situations did not properly handle GSS contexts in the native GSS
library. An attacker could possibly use this to access unauthorized
resources.