CVE-2018-2952
Summary
| CVE | CVE-2018-2952 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-07-18 13:29:00 UTC |
| Updated | 2022-10-06 18:55:00 UTC |
| Description | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171; JRockit: R28.3.18. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Canonical | Ubuntu Linux | 14.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 16.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 18.04 | All | All | All |
| Operating System | Debian | Debian Linux | 8.0 | All | All | All |
| Operating System | Debian | Debian Linux | 9.0 | All | All | All |
| Application | Hp | Xp7 Command View | All | All | All | All |
| Application | Netapp | Active Iq Unified Manager | - | All | All | All |
| Application | Netapp | Active Iq Unified Manager | - | All | All | All |
| Application | Netapp | Cloud Backup | - | All | All | All |
| Application | Netapp | E-series Santricity Os Controller | All | All | All | All |
| Application | Netapp | E-series Santricity Storage Manager | - | All | All | All |
| Application | Netapp | Oncommand Insight | - | All | All | All |
| Application | Netapp | Oncommand Unified Manager | - | All | All | All |
| Application | Netapp | Oncommand Workflow Automation | - | All | All | All |
| Application | Netapp | Plug-in For Symantec Netbackup | - | All | All | All |
| Application | Netapp | Snapmanager | - | All | All | All |
| Application | Netapp | Snapmanager | - | All | All | All |
| Application | Netapp | Steelstore Cloud Integrated Storage | - | All | All | All |
| Application | Netapp | Storage Replication Adapter For Clustered Data Ontap | All | All | All | All |
| Application | Netapp | Vasa Provider For Clustered Data Ontap | All | All | All | All |
| Application | Netapp | Virtual Storage Console | All | All | All | All |
| Application | Oracle | Jdk | 1.6.0 | update191 | All | All |
| Application | Oracle | Jdk | 1.6.0 | update_191 | All | All |
| Application | Oracle | Jdk | 1.7.0 | update181 | All | All |
| Application | Oracle | Jdk | 1.8.0 | update172 | All | All |
| Application | Oracle | Jdk | 10.0.1 | All | All | All |
| Application | Oracle | Jdk | 1.6.0 | update_191 | All | All |
| Application | Oracle | Jdk | 1.7.0 | update181 | All | All |
| Application | Oracle | Jdk | 1.8.0 | update172 | All | All |
| Application | Oracle | Jdk | 10.0.1 | All | All | All |
| Application | Oracle | Jre | 1.6.0 | update191 | All | All |
| Application | Oracle | Jre | 1.6.0 | update_191 | All | All |
| Application | Oracle | Jre | 1.7.0 | update181 | All | All |
| Application | Oracle | Jre | 1.7.0 | update_181 | All | All |
| Application | Oracle | Jre | 1.8.0 | update172 | All | All |
| Application | Oracle | Jre | 1.8.0 | update_172 | All | All |
| Application | Oracle | Jre | 10.0.1 | All | All | All |
| Application | Oracle | Jre | 1.6.0 | update_191 | All | All |
| Application | Oracle | Jre | 1.7.0 | update_181 | All | All |
| Application | Oracle | Jre | 1.8.0 | update_172 | All | All |
| Application | Oracle | Jre | 10.0.1 | All | All | All |
| Application | Oracle | Jrockit | r28.3.18 | All | All | All |
| Application | Oracle | Jrockit | r28.3.18 | All | All | All |
| Operating System | Redhat | Enterprise Linux Desktop | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Desktop | 7.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Eus | 7.5 | All | All | All |
| Operating System | Redhat | Enterprise Linux Eus | 7.6 | All | All | All |
| Operating System | Redhat | Enterprise Linux Eus | 7.7 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server | 7.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Aus | 7.6 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Aus | 7.7 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Tus | 7.6 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Tus | 7.7 | All | All | All |
| Operating System | Redhat | Enterprise Linux Workstation | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Workstation | 7.0 | All | All | All |
| Application | Redhat | Satellite | 5.6 | All | All | All |
| Application | Redhat | Satellite | 5.7 | All | All | All |
| Application | Redhat | Satellite | 5.8 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Red Hat Customer Portal | REDHAT | access.redhat.com | |
| July 2018 Java Platform Standard Edition Vulnerabilities in NetApp Products | NetApp Product Security | CONFIRM | security.netapp.com | |
| Red Hat Customer Portal | REDHAT | access.redhat.com | |
| Red Hat Customer Portal | REDHAT | access.redhat.com | |
| Red Hat Customer Portal | REDHAT | access.redhat.com | |
| Document Display | HPE Support Center | CONFIRM | support.hpe.com | |
| Document Display | HPE Support Center | CONFIRM | support.hpe.com | |
| Oracle Java SE and JRockit CVE-2018-2952 Remote Security Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| CPU July 2018 | CONFIRM | www.oracle.com | Patch, Vendor Advisory |
| Red Hat Customer Portal | REDHAT | access.redhat.com | |
| USN-3734-1: OpenJDK 8 vulnerability | Ubuntu security notices | UBUNTU | usn.ubuntu.com | |
| Oracle Java SE Multiple FLaws Let Remote Users Access and Modify Data, Deny Service, and Gain Elevated Privileges - SecurityTracker | SECTRACK | www.securitytracker.com | |
| USN-3747-1: OpenJDK 10 vulnerabilities | Ubuntu security notices | Ubuntu | UBUNTU | usn.ubuntu.com | |
| Red Hat Customer Portal | REDHAT | access.redhat.com | |
| Red Hat Customer Portal | REDHAT | access.redhat.com | |
| Debian -- Security Information -- DSA-4268-1 openjdk-8 | DEBIAN | www.debian.org | |
| Red Hat Customer Portal | REDHAT | access.redhat.com | |
| Red Hat Customer Portal | REDHAT | access.redhat.com | |
| Red Hat Customer Portal | REDHAT | access.redhat.com | |
| USN-3735-1: OpenJDK 7 vulnerability | Ubuntu security notices | UBUNTU | usn.ubuntu.com | |
| Red Hat Customer Portal | REDHAT | access.redhat.com | |
| Red Hat Customer Portal | REDHAT | access.redhat.com | |
| Red Hat Customer Portal | REDHAT | access.redhat.com | |
| Red Hat Customer Portal | REDHAT | access.redhat.com | |
| Red Hat Customer Portal | REDHAT | access.redhat.com | |
| [SECURITY] [DLA 1590-1] openjdk-7 security update | MLIST | lists.debian.org | |
| Red Hat Customer Portal | REDHAT | access.redhat.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 501215 Alpine Linux Security Update for openjdk8