CVE-2017-10067

Source
Severity High
Remote Yes
Type Authentication bypass
Description
It was discovered that the JAR (Java ARchive) verifier in the Security component of OpenJDK did not correctly handle files inside archives with missing digest.  An attacker could possibly use this flaw to manipulate content of a singed JAR, bypassing intended verification.
Group Package Affected Fixed Severity Status Ticket
AVG-380 jdk7-openjdk 7.u131_2.6.9-1 7.u151_2.6.11-1 Critical Fixed
Date Advisory Group Package Severity Description
12 Aug 2017 ASA-201708-8 AVG-380 jdk7-openjdk Critical multiple issues
References
http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/c729ab3b13ae