CVE-2018-2796

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Supported versions that are affected are Java SE: 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

http://www.securityfocus.com/bid/103868

http://www.securitytracker.com/id/1040697

https://access.redhat.com/errata/RHSA-2018:1188

https://access.redhat.com/errata/RHSA-2018:1191

https://access.redhat.com/errata/RHSA-2018:1201

https://access.redhat.com/errata/RHSA-2018:1202

https://access.redhat.com/errata/RHSA-2018:1204

https://access.redhat.com/errata/RHSA-2018:1206

https://access.redhat.com/errata/RHSA-2018:1270

https://access.redhat.com/errata/RHSA-2018:1278

https://access.redhat.com/errata/RHSA-2018:1721

https://access.redhat.com/errata/RHSA-2018:1722

https://access.redhat.com/errata/RHSA-2018:1723

https://access.redhat.com/errata/RHSA-2018:1724

https://access.redhat.com/errata/RHSA-2018:1974

https://access.redhat.com/errata/RHSA-2018:1975

https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0

https://security.gentoo.org/glsa/201903-14

https://security.netapp.com/advisory/ntap-20180419-0001/

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03857en_us

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03915en_us

https://usn.ubuntu.com/3644-1/

https://usn.ubuntu.com/3691-1/

https://www.debian.org/security/2018/dsa-4185

https://www.debian.org/security/2018/dsa-4225

Details

Source: MITRE

Published: 2018-04-19

Updated: 2020-09-08

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Impact Score: 1.4

Exploitability Score: 3.9

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:oracle:jdk:1.7.0:update171:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.8.0:update162:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.10.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.7.0:update_171:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.8.0:update_162:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.10.0:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:a:oracle:jrockit:r28.3.17:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:a:redhat:satellite:5.6:*:*:*:*:*:*:*

cpe:2.3:a:redhat:satellite:5.7:*:*:*:*:*:*:*

cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Configuration 4

OR

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 5

OR

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*

Configuration 6

OR

cpe:2.3:a:hp:xp7_command_view:*:*:*:*:advanced:*:*:*

Configuration 7

OR

cpe:2.3:a:schneider-electric:struxureware_data_center_expert:*:*:*:*:*:*:*:*

Tenable Plugins

View all (69 total)

IDNameProductFamilySeverity
127397NewStart CGSL MAIN 4.05 : java-1.8.0-openjdk Multiple Vulnerabilities (NS-SA-2019-0137)NessusNewStart CGSL Local Security Checks
high
127385NewStart CGSL MAIN 4.05 : java-1.7.0-openjdk Multiple Vulnerabilities (NS-SA-2019-0131)NessusNewStart CGSL Local Security Checks
high
127199NewStart CGSL CORE 5.04 / MAIN 5.04 : java-1.7.0-openjdk Multiple Vulnerabilities (NS-SA-2019-0032)NessusNewStart CGSL Local Security Checks
high
127190NewStart CGSL CORE 5.04 / MAIN 5.04 : java-1.8.0-openjdk Multiple Vulnerabilities (NS-SA-2019-0027)NessusNewStart CGSL Local Security Checks
high
700657Oracle Java SE 6 < Update 191 / 7 < Update 181 / 8 < Update 171 / 10 < Update 1 Multiple Vulnerabilities (April 2018 CPU)Nessus Network MonitorWeb Clients
high
123197openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2019-479)NessusSuSE Local Security Checks
high
122836GLSA-201903-14 : Oracle JDK/JRE: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
121938Photon OS 2.0: Openjdk8 PHSA-2018-2.0-0039NessusPhotonOS Local Security Checks
critical
121835Photon OS 1.0: Openjdk PHSA-2018-1.0-0130NessusPhotonOS Local Security Checks
high
120060SUSE SLES15 Security Update : java-1_8_0-ibm (SUSE-SU-2018:2068-1)NessusSuSE Local Security Checks
high
120046SUSE SLES15 Security Update : java-1_8_0-openjdk (SUSE-SU-2018:1938-2)NessusSuSE Local Security Checks
high
120045SUSE SLES15 Security Update : java-1_8_0-openjdk (SUSE-SU-2018:1938-1)NessusSuSE Local Security Checks
high
118268SUSE SLES12 Security Update : java-1_7_1-ibm (SUSE-SU-2018:1764-2)NessusSuSE Local Security Checks
high
118267SUSE SLES12 Security Update : java-1_8_0-ibm (SUSE-SU-2018:1738-2)NessusSuSE Local Security Checks
high
118264SUSE SLES12 Security Update : java-1_7_0-openjdk (SUSE-SU-2018:1692-2)NessusSuSE Local Security Checks
high
118263SUSE SLES12 Security Update : java-1_8_0-openjdk (SUSE-SU-2018:1690-2)NessusSuSE Local Security Checks
high
111932Photon OS 1.0: Mysql / Openjdk PHSA-2018-1.0-0130 (deprecated)NessusPhotonOS Local Security Checks
high
111298Photon OS 2.0 : openjdk8 / httpd / librelp / zsh / libvirt (PhotonOS-PHSA-2018-2.0-0039) (deprecated)NessusPhotonOS Local Security Checks
critical
110859EulerOS 2.0 SP3 : java-1.8.0-openjdk (EulerOS-SA-2018-1195)NessusHuawei Local Security Checks
high
110857EulerOS 2.0 SP3 : java-1.7.0-openjdk (EulerOS-SA-2018-1193)NessusHuawei Local Security Checks
high
110793RHEL 6 : java-1.8.0-ibm (RHSA-2018:1975)NessusRed Hat Local Security Checks
high
110692RHEL 6 : java-1.7.1-ibm (RHSA-2018:1974)NessusRed Hat Local Security Checks
high
110662Ubuntu 14.04 LTS : OpenJDK 7 vulnerabilities (USN-3691-1)NessusUbuntu Local Security Checks
high
110638SUSE SLES12 Security Update : java-1_7_1-ibm (SUSE-SU-2018:1764-1)NessusSuSE Local Security Checks
high
110620SUSE SLES12 Security Update : java-1_8_0-ibm (SUSE-SU-2018:1738-1)NessusSuSE Local Security Checks
high
110590openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2018-641)NessusSuSE Local Security Checks
high
110587openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2018-637)NessusSuSE Local Security Checks
high
110546SUSE SLED12 / SLES12 Security Update : java-1_7_0-openjdk (SUSE-SU-2018:1692-1)NessusSuSE Local Security Checks
high
110544SUSE SLED12 / SLES12 Security Update : java-1_8_0-openjdk (SUSE-SU-2018:1690-1)NessusSuSE Local Security Checks
high
110424Debian DSA-4225-1 : openjdk-7 - security updateNessusDebian Local Security Checks
high
110244CentOS 7 : java-1.7.0-openjdk (CESA-2018:1278)NessusCentOS Local Security Checks
high
110240CentOS 7 : java-1.8.0-openjdk (CESA-2018:1191)NessusCentOS Local Security Checks
high
110223SUSE SLES11 Security Update : java-1_7_0-ibm (SUSE-SU-2018:1458-1)NessusSuSE Local Security Checks
high
110186SUSE SLES11 Security Update : java-1_7_1-ibm (SUSE-SU-2018:1447-1)NessusSuSE Local Security Checks
high
110135EulerOS 2.0 SP2 : java-1.8.0-openjdk (EulerOS-SA-2018-1131)NessusHuawei Local Security Checks
high
110134EulerOS 2.0 SP1 : java-1.8.0-openjdk (EulerOS-SA-2018-1130)NessusHuawei Local Security Checks
high
110133EulerOS 2.0 SP2 : java-1.7.0-openjdk (EulerOS-SA-2018-1129)NessusHuawei Local Security Checks
high
110132EulerOS 2.0 SP1 : java-1.7.0-openjdk (EulerOS-SA-2018-1128)NessusHuawei Local Security Checks
high
110118RHEL 6 : java-1.7.1-ibm (RHSA-2018:1724)NessusRed Hat Local Security Checks
high
110117RHEL 7 : java-1.7.1-ibm (RHSA-2018:1723)NessusRed Hat Local Security Checks
high
110116RHEL 6 : java-1.8.0-ibm (RHSA-2018:1722)NessusRed Hat Local Security Checks
high
110115RHEL 7 : java-1.8.0-ibm (RHSA-2018:1721)NessusRed Hat Local Security Checks
high
109723Ubuntu 16.04 LTS / 17.10 : OpenJDK 8 vulnerabilities (USN-3644-1)NessusUbuntu Local Security Checks
high
109695Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2018-1007)NessusAmazon Linux Local Security Checks
high
109686Amazon Linux 2 : java-1.7.0-openjdk (ALAS-2018-1007)NessusAmazon Linux Local Security Checks
high
109571Scientific Linux Security Update : java-1.7.0-openjdk on SL7.x x86_64 (20180502)NessusScientific Linux Local Security Checks
high
109546RHEL 7 : java-1.7.0-openjdk (RHSA-2018:1278)NessusRed Hat Local Security Checks
high
109542Oracle Linux 7 : java-1.7.0-openjdk (ELSA-2018-1278)NessusOracle Linux Local Security Checks
high
109530CentOS 6 : java-1.7.0-openjdk (CESA-2018:1270)NessusCentOS Local Security Checks
high
109527CentOS 6 : java-1.8.0-openjdk (CESA-2018:1188)NessusCentOS Local Security Checks
high
109465Scientific Linux Security Update : java-1.7.0-openjdk on SL6.x i386/x86_64 (20180430)NessusScientific Linux Local Security Checks
high
109461Scientific Linux Security Update : java-1.8.0-openjdk on SL7.x x86_64 (20180419)NessusScientific Linux Local Security Checks
high
109444RHEL 6 : java-1.7.0-openjdk (RHSA-2018:1270)NessusRed Hat Local Security Checks
high
109440Oracle Linux 6 : java-1.7.0-openjdk (ELSA-2018-1270)NessusOracle Linux Local Security Checks
high
109414Debian DSA-4185-1 : openjdk-8 - security updateNessusDebian Local Security Checks
high
109367Amazon Linux AMI : java-1.8.0-openjdk (ALAS-2018-1002)NessusAmazon Linux Local Security Checks
high
109363Amazon Linux 2 : java-1.8.0-openjdk (ALAS-2018-1002)NessusAmazon Linux Local Security Checks
high
109307RHEL 6 : java-1.7.0-oracle (RHSA-2018:1206)NessusRed Hat Local Security Checks
high
109305RHEL 7 : java-1.8.0-oracle (RHSA-2018:1204)NessusRed Hat Local Security Checks
high
109303RHEL 6 : java-1.8.0-oracle (RHSA-2018:1202)NessusRed Hat Local Security Checks
high
109302RHEL 7 : java-1.7.0-oracle (RHSA-2018:1201)NessusRed Hat Local Security Checks
high
109207Oracle JRockit R28.3.17 Multiple Vulnerabilities (April 2018 CPU)NessusWindows
high
109203Oracle Java SE Multiple Vulnerabilities (April 2018 CPU) (Unix)NessusMisc.
high
109202Oracle Java SE Multiple Vulnerabilities (April 2018 CPU)NessusWindows
high
109196Scientific Linux Security Update : java-1.8.0-openjdk on SL6.x i386/x86_64 (20180419)NessusScientific Linux Local Security Checks
high
109195RHEL 7 : java-1.8.0-openjdk (RHSA-2018:1191)NessusRed Hat Local Security Checks
high
109194RHEL 6 : java-1.8.0-openjdk (RHSA-2018:1188)NessusRed Hat Local Security Checks
high
109193Oracle Linux 7 : java-1.8.0-openjdk (ELSA-2018-1191)NessusOracle Linux Local Security Checks
high
109192Oracle Linux 6 : java-1.8.0-openjdk (ELSA-2018-1188)NessusOracle Linux Local Security Checks
high