CVE-2018-2796

MEDIUM

Description

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Supported versions that are affected are Java SE: 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

http://www.securityfocus.com/bid/103868

http://www.securitytracker.com/id/1040697

https://access.redhat.com/errata/RHSA-2018:1188

https://access.redhat.com/errata/RHSA-2018:1191

https://access.redhat.com/errata/RHSA-2018:1201

https://access.redhat.com/errata/RHSA-2018:1202

https://access.redhat.com/errata/RHSA-2018:1204

https://access.redhat.com/errata/RHSA-2018:1206

https://access.redhat.com/errata/RHSA-2018:1270

https://access.redhat.com/errata/RHSA-2018:1278

https://access.redhat.com/errata/RHSA-2018:1721

https://access.redhat.com/errata/RHSA-2018:1722

https://access.redhat.com/errata/RHSA-2018:1723

https://access.redhat.com/errata/RHSA-2018:1724

https://access.redhat.com/errata/RHSA-2018:1974

https://access.redhat.com/errata/RHSA-2018:1975

https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0

https://security.gentoo.org/glsa/201903-14

https://security.netapp.com/advisory/ntap-20180419-0001/

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03857en_us

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03915en_us

https://usn.ubuntu.com/3644-1/

https://usn.ubuntu.com/3691-1/

https://www.debian.org/security/2018/dsa-4185

https://www.debian.org/security/2018/dsa-4225

Details

Source: MITRE

Published: 2018-04-19

Updated: 2020-09-08

Risk Information

CVSS v2.0

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3.0

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Impact Score: 1.4

Exploitability Score: 3.9

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:oracle:jdk:1.7.0:update171:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.8.0:update162:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.10.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.7.0:update_171:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.8.0:update_162:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.10.0:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:a:oracle:jrockit:r28.3.17:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:a:redhat:satellite:5.6:*:*:*:*:*:*:*

cpe:2.3:a:redhat:satellite:5.7:*:*:*:*:*:*:*

cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Configuration 4

OR

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 5

OR

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*

Configuration 6

OR

cpe:2.3:a:hp:xp7_command_view:*:*:*:*:advanced:*:*:*

Configuration 7

OR

cpe:2.3:a:schneider-electric:struxureware_data_center_expert:*:*:*:*:*:*:*:*

Tenable Plugins

View all (69 total)

IDNameProductFamilySeverity
127397NewStart CGSL MAIN 4.05 : java-1.8.0-openjdk Multiple Vulnerabilities (NS-SA-2019-0137)NessusNewStart CGSL Local Security Checks
medium
127385NewStart CGSL MAIN 4.05 : java-1.7.0-openjdk Multiple Vulnerabilities (NS-SA-2019-0131)NessusNewStart CGSL Local Security Checks
medium
127199NewStart CGSL CORE 5.04 / MAIN 5.04 : java-1.7.0-openjdk Multiple Vulnerabilities (NS-SA-2019-0032)NessusNewStart CGSL Local Security Checks
medium
127190NewStart CGSL CORE 5.04 / MAIN 5.04 : java-1.8.0-openjdk Multiple Vulnerabilities (NS-SA-2019-0027)NessusNewStart CGSL Local Security Checks
medium
700657Oracle Java SE 6 < Update 191 / 7 < Update 181 / 8 < Update 171 / 10 < Update 1 Multiple Vulnerabilities (April 2018 CPU)Nessus Network MonitorWeb Clients
high
123197openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2019-479)NessusSuSE Local Security Checks
medium
122836GLSA-201903-14 : Oracle JDK/JRE: Multiple vulnerabilitiesNessusGentoo Local Security Checks
medium
121938Photon OS 2.0: Openjdk8 PHSA-2018-2.0-0039NessusPhotonOS Local Security Checks
high
121835Photon OS 1.0: Openjdk PHSA-2018-1.0-0130NessusPhotonOS Local Security Checks
medium
120060SUSE SLES15 Security Update : java-1_8_0-ibm (SUSE-SU-2018:2068-1)NessusSuSE Local Security Checks
medium
120046SUSE SLES15 Security Update : java-1_8_0-openjdk (SUSE-SU-2018:1938-2)NessusSuSE Local Security Checks
medium
120045SUSE SLES15 Security Update : java-1_8_0-openjdk (SUSE-SU-2018:1938-1)NessusSuSE Local Security Checks
medium
118268SUSE SLES12 Security Update : java-1_7_1-ibm (SUSE-SU-2018:1764-2)NessusSuSE Local Security Checks
medium
118267SUSE SLES12 Security Update : java-1_8_0-ibm (SUSE-SU-2018:1738-2)NessusSuSE Local Security Checks
medium
118264SUSE SLES12 Security Update : java-1_7_0-openjdk (SUSE-SU-2018:1692-2)NessusSuSE Local Security Checks
medium
118263SUSE SLES12 Security Update : java-1_8_0-openjdk (SUSE-SU-2018:1690-2)NessusSuSE Local Security Checks
medium
111932Photon OS 1.0: Mysql / Openjdk PHSA-2018-1.0-0130 (deprecated)NessusPhotonOS Local Security Checks
medium
111298Photon OS 2.0 : openjdk8 / httpd / librelp / zsh / libvirt (PhotonOS-PHSA-2018-2.0-0039) (deprecated)NessusPhotonOS Local Security Checks
high
110859EulerOS 2.0 SP3 : java-1.8.0-openjdk (EulerOS-SA-2018-1195)NessusHuawei Local Security Checks
medium
110857EulerOS 2.0 SP3 : java-1.7.0-openjdk (EulerOS-SA-2018-1193)NessusHuawei Local Security Checks
medium
110793RHEL 6 : java-1.8.0-ibm (RHSA-2018:1975)NessusRed Hat Local Security Checks
medium
110692RHEL 6 : java-1.7.1-ibm (RHSA-2018:1974)NessusRed Hat Local Security Checks
medium
110662Ubuntu 14.04 LTS : OpenJDK 7 vulnerabilities (USN-3691-1)NessusUbuntu Local Security Checks
medium
110638SUSE SLES12 Security Update : java-1_7_1-ibm (SUSE-SU-2018:1764-1)NessusSuSE Local Security Checks
medium
110620SUSE SLES12 Security Update : java-1_8_0-ibm (SUSE-SU-2018:1738-1)NessusSuSE Local Security Checks
medium
110590openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2018-641)NessusSuSE Local Security Checks
medium
110587openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2018-637)NessusSuSE Local Security Checks
medium
110546SUSE SLED12 / SLES12 Security Update : java-1_7_0-openjdk (SUSE-SU-2018:1692-1)NessusSuSE Local Security Checks
medium
110544SUSE SLED12 / SLES12 Security Update : java-1_8_0-openjdk (SUSE-SU-2018:1690-1)NessusSuSE Local Security Checks
medium
110424Debian DSA-4225-1 : openjdk-7 - security updateNessusDebian Local Security Checks
medium
110244CentOS 7 : java-1.7.0-openjdk (CESA-2018:1278)NessusCentOS Local Security Checks
medium
110240CentOS 7 : java-1.8.0-openjdk (CESA-2018:1191)NessusCentOS Local Security Checks
medium
110223SUSE SLES11 Security Update : java-1_7_0-ibm (SUSE-SU-2018:1458-1)NessusSuSE Local Security Checks
medium
110186SUSE SLES11 Security Update : java-1_7_1-ibm (SUSE-SU-2018:1447-1)NessusSuSE Local Security Checks
medium
110135EulerOS 2.0 SP2 : java-1.8.0-openjdk (EulerOS-SA-2018-1131)NessusHuawei Local Security Checks
medium
110134EulerOS 2.0 SP1 : java-1.8.0-openjdk (EulerOS-SA-2018-1130)NessusHuawei Local Security Checks
medium
110133EulerOS 2.0 SP2 : java-1.7.0-openjdk (EulerOS-SA-2018-1129)NessusHuawei Local Security Checks
medium
110132EulerOS 2.0 SP1 : java-1.7.0-openjdk (EulerOS-SA-2018-1128)NessusHuawei Local Security Checks
medium
110118RHEL 6 : java-1.7.1-ibm (RHSA-2018:1724)NessusRed Hat Local Security Checks
medium
110117RHEL 7 : java-1.7.1-ibm (RHSA-2018:1723)NessusRed Hat Local Security Checks
medium
110116RHEL 6 : java-1.8.0-ibm (RHSA-2018:1722)NessusRed Hat Local Security Checks
medium
110115RHEL 7 : java-1.8.0-ibm (RHSA-2018:1721)NessusRed Hat Local Security Checks
medium
109723Ubuntu 16.04 LTS / 17.10 : OpenJDK 8 vulnerabilities (USN-3644-1)NessusUbuntu Local Security Checks
medium
109695Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2018-1007)NessusAmazon Linux Local Security Checks
medium
109686Amazon Linux 2 : java-1.7.0-openjdk (ALAS-2018-1007)NessusAmazon Linux Local Security Checks
medium
109571Scientific Linux Security Update : java-1.7.0-openjdk on SL7.x x86_64 (20180502)NessusScientific Linux Local Security Checks
medium
109546RHEL 7 : java-1.7.0-openjdk (RHSA-2018:1278)NessusRed Hat Local Security Checks
medium
109542Oracle Linux 7 : java-1.7.0-openjdk (ELSA-2018-1278)NessusOracle Linux Local Security Checks
medium
109530CentOS 6 : java-1.7.0-openjdk (CESA-2018:1270)NessusCentOS Local Security Checks
medium
109527CentOS 6 : java-1.8.0-openjdk (CESA-2018:1188)NessusCentOS Local Security Checks
medium
109465Scientific Linux Security Update : java-1.7.0-openjdk on SL6.x i386/x86_64 (20180430)NessusScientific Linux Local Security Checks
medium
109461Scientific Linux Security Update : java-1.8.0-openjdk on SL7.x x86_64 (20180419)NessusScientific Linux Local Security Checks
medium
109444RHEL 6 : java-1.7.0-openjdk (RHSA-2018:1270)NessusRed Hat Local Security Checks
medium
109440Oracle Linux 6 : java-1.7.0-openjdk (ELSA-2018-1270)NessusOracle Linux Local Security Checks
medium
109414Debian DSA-4185-1 : openjdk-8 - security updateNessusDebian Local Security Checks
medium
109367Amazon Linux AMI : java-1.8.0-openjdk (ALAS-2018-1002)NessusAmazon Linux Local Security Checks
medium
109363Amazon Linux 2 : java-1.8.0-openjdk (ALAS-2018-1002)NessusAmazon Linux Local Security Checks
medium
109307RHEL 6 : java-1.7.0-oracle (RHSA-2018:1206)NessusRed Hat Local Security Checks
medium
109305RHEL 7 : java-1.8.0-oracle (RHSA-2018:1204)NessusRed Hat Local Security Checks
medium
109303RHEL 6 : java-1.8.0-oracle (RHSA-2018:1202)NessusRed Hat Local Security Checks
medium
109302RHEL 7 : java-1.7.0-oracle (RHSA-2018:1201)NessusRed Hat Local Security Checks
medium
109207Oracle JRockit R28.3.17 Multiple Vulnerabilities (April 2018 CPU)NessusWindows
medium
109203Oracle Java SE Multiple Vulnerabilities (April 2018 CPU) (Unix)NessusMisc.
medium
109202Oracle Java SE Multiple Vulnerabilities (April 2018 CPU)NessusWindows
medium
109196Scientific Linux Security Update : java-1.8.0-openjdk on SL6.x i386/x86_64 (20180419)NessusScientific Linux Local Security Checks
medium
109195RHEL 7 : java-1.8.0-openjdk (RHSA-2018:1191)NessusRed Hat Local Security Checks
medium
109194RHEL 6 : java-1.8.0-openjdk (RHSA-2018:1188)NessusRed Hat Local Security Checks
medium
109193Oracle Linux 7 : java-1.8.0-openjdk (ELSA-2018-1191)NessusOracle Linux Local Security Checks
medium
109192Oracle Linux 6 : java-1.8.0-openjdk (ELSA-2018-1188)NessusOracle Linux Local Security Checks
medium