CVE-2018-2952

low
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171; JRockit: R28.3.18. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

http://www.securityfocus.com/bid/104765

http://www.securitytracker.com/id/1041302

https://access.redhat.com/errata/RHSA-2018:2241

https://access.redhat.com/errata/RHSA-2018:2242

https://access.redhat.com/errata/RHSA-2018:2253

https://access.redhat.com/errata/RHSA-2018:2254

https://access.redhat.com/errata/RHSA-2018:2255

https://access.redhat.com/errata/RHSA-2018:2256

https://access.redhat.com/errata/RHSA-2018:2283

https://access.redhat.com/errata/RHSA-2018:2286

https://access.redhat.com/errata/RHSA-2018:2568

https://access.redhat.com/errata/RHSA-2018:2569

https://access.redhat.com/errata/RHSA-2018:2575

https://access.redhat.com/errata/RHSA-2018:2576

https://access.redhat.com/errata/RHSA-2018:2712

https://access.redhat.com/errata/RHSA-2018:2713

https://access.redhat.com/errata/RHSA-2018:3007

https://access.redhat.com/errata/RHSA-2018:3008

https://lists.debian.org/debian-lts-announce/2018/11/msg00026.html

https://security.netapp.com/advisory/ntap-20180726-0001/

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03882en_us

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03928en_us

https://usn.ubuntu.com/3734-1/

https://usn.ubuntu.com/3735-1/

https://usn.ubuntu.com/3747-1/

https://www.debian.org/security/2018/dsa-4268

Details

Source: MITRE

Published: 2018-07-18

Updated: 2020-09-08

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 3.7

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Impact Score: 1.4

Exploitability Score: 2.2

Severity: LOW

Tenable Plugins

View all (71 total)

IDNameProductFamilySeverity
136100Photon OS 3.0: Openjdk11 PHSA-2020-3.0-0084NessusPhotonOS Local Security Checks
critical
127397NewStart CGSL MAIN 4.05 : java-1.8.0-openjdk Multiple Vulnerabilities (NS-SA-2019-0137)NessusNewStart CGSL Local Security Checks
high
127385NewStart CGSL MAIN 4.05 : java-1.7.0-openjdk Multiple Vulnerabilities (NS-SA-2019-0131)NessusNewStart CGSL Local Security Checks
high
127199NewStart CGSL CORE 5.04 / MAIN 5.04 : java-1.7.0-openjdk Multiple Vulnerabilities (NS-SA-2019-0032)NessusNewStart CGSL Local Security Checks
high
127190NewStart CGSL CORE 5.04 / MAIN 5.04 : java-1.8.0-openjdk Multiple Vulnerabilities (NS-SA-2019-0027)NessusNewStart CGSL Local Security Checks
high
700658Oracle Java SE 6 < Update 201 / 7 < Update 191 / 8 < Update 181 / 10 < Update 2 Multiple Vulnerabilities (July 2018 CPU)Nessus Network MonitorWeb Clients
critical
123333openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2019-774)NessusSuSE Local Security Checks
critical
123250openSUSE Security Update : java-11-openjdk (openSUSE-2019-575)NessusSuSE Local Security Checks
medium
123247openSUSE Security Update : java-10-openjdk (openSUSE-2019-570)NessusSuSE Local Security Checks
medium
121151openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2019-42) (Spectre)NessusSuSE Local Security Checks
medium
121059SUSE SLED12 / SLES12 Security Update : java-1_7_0-openjdk (SUSE-SU-2019:0049-1) (Spectre)NessusSuSE Local Security Checks
medium
120126SUSE SLES15 Security Update : java-1_8_0-ibm (SUSE-SU-2018:3082-1)NessusSuSE Local Security Checks
critical
120122SUSE SLES15 Security Update : java-1_8_0-openjdk (SUSE-SU-2018:3045-1)NessusSuSE Local Security Checks
critical
120065SUSE SLED15 / SLES15 Security Update : java-10-openjdk (SUSE-SU-2018:2083-1)NessusSuSE Local Security Checks
medium
119105Debian DLA-1590-1 : openjdk-7 security updateNessusDebian Local Security Checks
high
118377RHEL 6 : java-1.6.0-sun (RHSA-2018:3008)NessusRed Hat Local Security Checks
high
118376RHEL 7 : java-1.6.0-sun (RHSA-2018:3007)NessusRed Hat Local Security Checks
high
118300SUSE SLES12 Security Update : java-1_8_0-openjdk (SUSE-SU-2018:3064-2) (Spectre)NessusSuSE Local Security Checks
critical
118293SUSE SLES12 Security Update : java-1_8_0-ibm (SUSE-SU-2018:2839-2)NessusSuSE Local Security Checks
critical
118288SUSE SLES12 Security Update : java-1_7_1-ibm (SUSE-SU-2018:2649-2)NessusSuSE Local Security Checks
high
118109openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2018-1143) (Spectre)NessusSuSE Local Security Checks
critical
117992SUSE SLED12 / SLES12 Security Update : java-1_8_0-openjdk (SUSE-SU-2018:3064-1) (Spectre)NessusSuSE Local Security Checks
critical
117986openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2018-1138)NessusSuSE Local Security Checks
critical
117739EulerOS 2.0 SP3 : java-1.8.0-openjdk (EulerOS-SA-2018-1295)NessusHuawei Local Security Checks
low
117738EulerOS 2.0 SP2 : java-1.8.0-openjdk (EulerOS-SA-2018-1294)NessusHuawei Local Security Checks
low
117737EulerOS 2.0 SP3 : java-1.7.0-openjdk (EulerOS-SA-2018-1293)NessusHuawei Local Security Checks
low
117736EulerOS 2.0 SP2 : java-1.7.0-openjdk (EulerOS-SA-2018-1292)NessusHuawei Local Security Checks
low
117700SUSE SLES12 Security Update : java-1_8_0-ibm (SUSE-SU-2018:2839-1)NessusSuSE Local Security Checks
critical
117587RHEL 6 : java-1.8.0-ibm (RHSA-2018:2713)NessusRed Hat Local Security Checks
critical
117535RHEL 6 : java-1.7.1-ibm (RHSA-2018:2712)NessusRed Hat Local Security Checks
high
117479Ubuntu 18.04 LTS : OpenJDK 10 regression (USN-3747-2)NessusUbuntu Local Security Checks
high
117385SUSE SLES12 Security Update : java-1_7_1-ibm (SUSE-SU-2018:2649-1)NessusSuSE Local Security Checks
high
112274SUSE SLES11 Security Update : java-1_7_1-ibm (SUSE-SU-2018:2583-1)NessusSuSE Local Security Checks
high
112273SUSE SLES11 Security Update : java-1_7_0-ibm (SUSE-SU-2018:2574-1)NessusSuSE Local Security Checks
high
112179RHEL 6 : java-1.7.1-ibm (RHSA-2018:2576)NessusRed Hat Local Security Checks
high
112178RHEL 6 : java-1.8.0-ibm (RHSA-2018:2575)NessusRed Hat Local Security Checks
critical
112132RHEL 7 : java-1.7.1-ibm (RHSA-2018:2569)NessusRed Hat Local Security Checks
high
112131RHEL 7 : java-1.8.0-ibm (RHSA-2018:2568)NessusRed Hat Local Security Checks
critical
112091Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2018-1064)NessusAmazon Linux Local Security Checks
low
112089Amazon Linux 2 : java-1.7.0-openjdk (ALAS-2018-1064)NessusAmazon Linux Local Security Checks
low
112033Ubuntu 18.04 LTS : OpenJDK 10 vulnerabilities (USN-3747-1)NessusUbuntu Local Security Checks
high
111652Debian DSA-4268-1 : openjdk-8 - security updateNessusDebian Local Security Checks
low
111641Ubuntu 14.04 LTS : OpenJDK 7 vulnerability (USN-3735-1)NessusUbuntu Local Security Checks
low
111640Ubuntu 16.04 LTS : OpenJDK 8 vulnerability (USN-3734-1)NessusUbuntu Local Security Checks
low
111616CentOS 7 : java-1.7.0-openjdk (CESA-2018:2286)NessusCentOS Local Security Checks
low
111613CentOS 6 : java-1.7.0-openjdk (CESA-2018:2283)NessusCentOS Local Security Checks
low
111609Amazon Linux AMI : java-1.8.0-openjdk (ALAS-2018-1054)NessusAmazon Linux Local Security Checks
low
111608Amazon Linux 2 : java-1.8.0-openjdk (ALAS-2018-1054)NessusAmazon Linux Local Security Checks
low
111597openSUSE Security Update : java-11-openjdk (openSUSE-2018-830)NessusSuSE Local Security Checks
medium
111572openSUSE Security Update : java-10-openjdk (openSUSE-2018-810)NessusSuSE Local Security Checks
medium
111495Scientific Linux Security Update : java-1.7.0-openjdk on SL7.x x86_64 (20180730)NessusScientific Linux Local Security Checks
low
111494Scientific Linux Security Update : java-1.7.0-openjdk on SL6.x i386/x86_64 (20180730)NessusScientific Linux Local Security Checks
low
111491RHEL 7 : java-1.7.0-openjdk (RHSA-2018:2286)NessusRed Hat Local Security Checks
low
111488RHEL 6 : java-1.7.0-openjdk (RHSA-2018:2283)NessusRed Hat Local Security Checks
low
111484Oracle Linux 7 : java-1.7.0-openjdk (ELSA-2018-2286)NessusOracle Linux Local Security Checks
low
111481Oracle Linux 6 : java-1.7.0-openjdk (ELSA-2018-2283)NessusOracle Linux Local Security Checks
low
111355CentOS 6 : java-1.8.0-openjdk (CESA-2018:2241)NessusCentOS Local Security Checks
low
111340CentOS 7 : java-1.8.0-openjdk (CESA-2018:2242)NessusCentOS Local Security Checks
low
111327RHEL 6 : java-1.8.0-oracle (RHSA-2018:2256)NessusRed Hat Local Security Checks
high
111326RHEL 6 : java-1.7.0-oracle (RHSA-2018:2255)NessusRed Hat Local Security Checks
high
111325RHEL 7 : java-1.7.0-oracle (RHSA-2018:2254)NessusRed Hat Local Security Checks
high
111324RHEL 7 : java-1.8.0-oracle (RHSA-2018:2253)NessusRed Hat Local Security Checks
high
111259Scientific Linux Security Update : java-1.8.0-openjdk on SL7.x x86_64 (20180723)NessusScientific Linux Local Security Checks
low
111258Scientific Linux Security Update : java-1.8.0-openjdk on SL6.x i386/x86_64 (20180723)NessusScientific Linux Local Security Checks
low
111257RHEL 7 : java-1.8.0-openjdk (RHSA-2018:2242)NessusRed Hat Local Security Checks
low
111256RHEL 6 : java-1.8.0-openjdk (RHSA-2018:2241)NessusRed Hat Local Security Checks
low
111254Oracle Linux 7 : java-1.8.0-openjdk (ELSA-2018-2242)NessusOracle Linux Local Security Checks
low
111253Oracle Linux 6 : java-1.8.0-openjdk (ELSA-2018-2241)NessusOracle Linux Local Security Checks
low
111214Oracle JRockit R28.3.18 Multiple Vulnerabilities (July 2018 CPU)NessusWindows
critical
111163Oracle Java SE Multiple Vulnerabilities (July 2018 CPU)NessusWindows
critical
111162Oracle Java SE Multiple Vulnerabilities (July 2018 CPU) (Unix)NessusMisc.
critical