CVE-2018-2657
Summary
| CVE | CVE-2018-2657 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-01-18 02:29:00 UTC |
| Updated | 2022-05-13 14:57:00 UTC |
| Description | Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u171 and 7u161; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, JRockit. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Hp | Xp7 Command View | All | All | All | All |
| Application | Hp | Xp Command View | All | All | All | All |
| Application | Hp | Xp P9000 Command View | All | All | All | All |
| Application | Oracle | Jdk | 1.6.0 | update171 | All | All |
| Application | Oracle | Jdk | 1.6.0 | update_171 | All | All |
| Application | Oracle | Jdk | 1.7.0 | update161 | All | All |
| Application | Oracle | Jre | 1.6.0 | update171 | All | All |
| Application | Oracle | Jre | 1.6.0 | update_171 | All | All |
| Application | Oracle | Jre | 1.7.0 | update161 | All | All |
| Application | Oracle | Jre | 1.7.0 | update_161 | All | All |
| Application | Oracle | Jrockit | r28.3.16 | All | All | All |
| Operating System | Redhat | Enterprise Linux Desktop | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server | 7.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Eus | 7.5 | All | All | All |
| Operating System | Redhat | Enterprise Linux Workstation | 6.0 | All | All | All |
| Application | Redhat | Satellite | 5.6 | All | All | All |
| Application | Redhat | Satellite | 5.7 | All | All | All |
| Application | Redhat | Satellite | 5.8 | All | All | All |
| Application | Schneider-electric | Struxureware Data Center Expert | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Document Display \| HPE Support Center | CONFIRM | support.hpe.com | Third Party Advisory |
| Oracle Java SE Multiple Flaws Let Remote Users Access and Modify Data, Deny Service, and Gain Elevated Privileges and Let Local Users Gain Elevated Privileges - SecurityTracker | SECTRACK | www.securitytracker.com | Third Party Advisory, VDB Entry |
| Red Hat Customer Portal | REDHAT | access.redhat.com | Third Party Advisory |
| Oracle Critical Patch Update - January 2018 | CONFIRM | www.oracle.com | Patch |
| Red Hat Customer Portal | REDHAT | access.redhat.com | Third Party Advisory |
| Red Hat Customer Portal | REDHAT | access.redhat.com | Third Party Advisory |
| DCIM Support | CONFIRM | help.ecostruxureit.com | Third Party Advisory |
| Red Hat Customer Portal | REDHAT | access.redhat.com | Third Party Advisory |
| Red Hat Customer Portal | REDHAT | access.redhat.com | Third Party Advisory |
| Red Hat Customer Portal | REDHAT | access.redhat.com | Third Party Advisory |
| Oracle Java SE and JRockit CVE-2018-2657 Remote Security Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| January 2018 Java Platform Standard Edition Vulnerabilities in NetApp Products \| NetApp Product Security | CONFIRM | security.netapp.com | Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.