CVE-2018-2952

MEDIUM

Description

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171; JRockit: R28.3.18. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

http://www.securityfocus.com/bid/104765

http://www.securitytracker.com/id/1041302

https://access.redhat.com/errata/RHSA-2018:2241

https://access.redhat.com/errata/RHSA-2018:2242

https://access.redhat.com/errata/RHSA-2018:2253

https://access.redhat.com/errata/RHSA-2018:2254

https://access.redhat.com/errata/RHSA-2018:2255

https://access.redhat.com/errata/RHSA-2018:2256

https://access.redhat.com/errata/RHSA-2018:2283

https://access.redhat.com/errata/RHSA-2018:2286

https://access.redhat.com/errata/RHSA-2018:2568

https://access.redhat.com/errata/RHSA-2018:2569

https://access.redhat.com/errata/RHSA-2018:2575

https://access.redhat.com/errata/RHSA-2018:2576

https://access.redhat.com/errata/RHSA-2018:2712

https://access.redhat.com/errata/RHSA-2018:2713

https://access.redhat.com/errata/RHSA-2018:3007

https://access.redhat.com/errata/RHSA-2018:3008

https://lists.debian.org/debian-lts-announce/2018/11/msg00026.html

https://security.netapp.com/advisory/ntap-20180726-0001/

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03882en_us

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03928en_us

https://usn.ubuntu.com/3734-1/

https://usn.ubuntu.com/3735-1/

https://usn.ubuntu.com/3747-1/

https://www.debian.org/security/2018/dsa-4268

Details

Source: MITRE

Published: 2018-07-18

Updated: 2020-09-08

Risk Information

CVSS v2.0

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3.0

Base Score: 3.7

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Impact Score: 1.4

Exploitability Score: 2.2

Severity: LOW

Tenable Plugins

View all (71 total)

IDNameProductFamilySeverity
136100Photon OS 3.0: Openjdk11 PHSA-2020-3.0-0084NessusPhotonOS Local Security Checks
medium
127397NewStart CGSL MAIN 4.05 : java-1.8.0-openjdk Multiple Vulnerabilities (NS-SA-2019-0137)NessusNewStart CGSL Local Security Checks
medium
127385NewStart CGSL MAIN 4.05 : java-1.7.0-openjdk Multiple Vulnerabilities (NS-SA-2019-0131)NessusNewStart CGSL Local Security Checks
medium
127199NewStart CGSL CORE 5.04 / MAIN 5.04 : java-1.7.0-openjdk Multiple Vulnerabilities (NS-SA-2019-0032)NessusNewStart CGSL Local Security Checks
medium
127190NewStart CGSL CORE 5.04 / MAIN 5.04 : java-1.8.0-openjdk Multiple Vulnerabilities (NS-SA-2019-0027)NessusNewStart CGSL Local Security Checks
medium
700658Oracle Java SE 6 < Update 201 / 7 < Update 191 / 8 < Update 181 / 10 < Update 2 Multiple Vulnerabilities (July 2018 CPU)Nessus Network MonitorWeb Clients
medium
123333openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2019-774)NessusSuSE Local Security Checks
medium
123250openSUSE Security Update : java-11-openjdk (openSUSE-2019-575)NessusSuSE Local Security Checks
medium
123247openSUSE Security Update : java-10-openjdk (openSUSE-2019-570)NessusSuSE Local Security Checks
medium
121151openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2019-42) (Spectre)NessusSuSE Local Security Checks
medium
121059SUSE SLED12 / SLES12 Security Update : java-1_7_0-openjdk (SUSE-SU-2019:0049-1) (Spectre)NessusSuSE Local Security Checks
medium
120126SUSE SLES15 Security Update : java-1_8_0-ibm (SUSE-SU-2018:3082-1)NessusSuSE Local Security Checks
critical
120122SUSE SLES15 Security Update : java-1_8_0-openjdk (SUSE-SU-2018:3045-1)NessusSuSE Local Security Checks
medium
120065SUSE SLED15 / SLES15 Security Update : java-10-openjdk (SUSE-SU-2018:2083-1)NessusSuSE Local Security Checks
medium
119105Debian DLA-1590-1 : openjdk-7 security updateNessusDebian Local Security Checks
medium
118377RHEL 6 : java-1.6.0-sun (RHSA-2018:3008)NessusRed Hat Local Security Checks
medium
118376RHEL 7 : java-1.6.0-sun (RHSA-2018:3007)NessusRed Hat Local Security Checks
medium
118300SUSE SLES12 Security Update : java-1_8_0-openjdk (SUSE-SU-2018:3064-2) (Spectre)NessusSuSE Local Security Checks
medium
118293SUSE SLES12 Security Update : java-1_8_0-ibm (SUSE-SU-2018:2839-2)NessusSuSE Local Security Checks
critical
118288SUSE SLES12 Security Update : java-1_7_1-ibm (SUSE-SU-2018:2649-2)NessusSuSE Local Security Checks
medium
118109openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2018-1143) (Spectre)NessusSuSE Local Security Checks
medium
117992SUSE SLED12 / SLES12 Security Update : java-1_8_0-openjdk (SUSE-SU-2018:3064-1) (Spectre)NessusSuSE Local Security Checks
medium
117986openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2018-1138)NessusSuSE Local Security Checks
medium
117739EulerOS 2.0 SP3 : java-1.8.0-openjdk (EulerOS-SA-2018-1295)NessusHuawei Local Security Checks
medium
117738EulerOS 2.0 SP2 : java-1.8.0-openjdk (EulerOS-SA-2018-1294)NessusHuawei Local Security Checks
medium
117737EulerOS 2.0 SP3 : java-1.7.0-openjdk (EulerOS-SA-2018-1293)NessusHuawei Local Security Checks
medium
117736EulerOS 2.0 SP2 : java-1.7.0-openjdk (EulerOS-SA-2018-1292)NessusHuawei Local Security Checks
medium
117700SUSE SLES12 Security Update : java-1_8_0-ibm (SUSE-SU-2018:2839-1)NessusSuSE Local Security Checks
critical
117587RHEL 6 : java-1.8.0-ibm (RHSA-2018:2713)NessusRed Hat Local Security Checks
critical
117535RHEL 6 : java-1.7.1-ibm (RHSA-2018:2712)NessusRed Hat Local Security Checks
medium
117479Ubuntu 18.04 LTS : OpenJDK 10 regression (USN-3747-2)NessusUbuntu Local Security Checks
medium
117385SUSE SLES12 Security Update : java-1_7_1-ibm (SUSE-SU-2018:2649-1)NessusSuSE Local Security Checks
medium
112274SUSE SLES11 Security Update : java-1_7_1-ibm (SUSE-SU-2018:2583-1)NessusSuSE Local Security Checks
medium
112273SUSE SLES11 Security Update : java-1_7_0-ibm (SUSE-SU-2018:2574-1)NessusSuSE Local Security Checks
medium
112179RHEL 6 : java-1.7.1-ibm (RHSA-2018:2576)NessusRed Hat Local Security Checks
medium
112178RHEL 6 : java-1.8.0-ibm (RHSA-2018:2575)NessusRed Hat Local Security Checks
critical
112132RHEL 7 : java-1.7.1-ibm (RHSA-2018:2569)NessusRed Hat Local Security Checks
medium
112131RHEL 7 : java-1.8.0-ibm (RHSA-2018:2568)NessusRed Hat Local Security Checks
critical
112091Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2018-1064)NessusAmazon Linux Local Security Checks
medium
112089Amazon Linux 2 : java-1.7.0-openjdk (ALAS-2018-1064)NessusAmazon Linux Local Security Checks
medium
112033Ubuntu 18.04 LTS : OpenJDK 10 vulnerabilities (USN-3747-1)NessusUbuntu Local Security Checks
medium
111652Debian DSA-4268-1 : openjdk-8 - security updateNessusDebian Local Security Checks
medium
111641Ubuntu 14.04 LTS : OpenJDK 7 vulnerability (USN-3735-1)NessusUbuntu Local Security Checks
medium
111640Ubuntu 16.04 LTS : OpenJDK 8 vulnerability (USN-3734-1)NessusUbuntu Local Security Checks
medium
111616CentOS 7 : java-1.7.0-openjdk (CESA-2018:2286)NessusCentOS Local Security Checks
medium
111613CentOS 6 : java-1.7.0-openjdk (CESA-2018:2283)NessusCentOS Local Security Checks
medium
111609Amazon Linux AMI : java-1.8.0-openjdk (ALAS-2018-1054)NessusAmazon Linux Local Security Checks
medium
111608Amazon Linux 2 : java-1.8.0-openjdk (ALAS-2018-1054)NessusAmazon Linux Local Security Checks
medium
111597openSUSE Security Update : java-11-openjdk (openSUSE-2018-830)NessusSuSE Local Security Checks
medium
111572openSUSE Security Update : java-10-openjdk (openSUSE-2018-810)NessusSuSE Local Security Checks
medium
111495Scientific Linux Security Update : java-1.7.0-openjdk on SL7.x x86_64 (20180730)NessusScientific Linux Local Security Checks
medium
111494Scientific Linux Security Update : java-1.7.0-openjdk on SL6.x i386/x86_64 (20180730)NessusScientific Linux Local Security Checks
medium
111491RHEL 7 : java-1.7.0-openjdk (RHSA-2018:2286)NessusRed Hat Local Security Checks
medium
111488RHEL 6 : java-1.7.0-openjdk (RHSA-2018:2283)NessusRed Hat Local Security Checks
medium
111484Oracle Linux 7 : java-1.7.0-openjdk (ELSA-2018-2286)NessusOracle Linux Local Security Checks
medium
111481Oracle Linux 6 : java-1.7.0-openjdk (ELSA-2018-2283)NessusOracle Linux Local Security Checks
medium
111355CentOS 6 : java-1.8.0-openjdk (CESA-2018:2241)NessusCentOS Local Security Checks
medium
111340CentOS 7 : java-1.8.0-openjdk (CESA-2018:2242)NessusCentOS Local Security Checks
medium
111327RHEL 6 : java-1.8.0-oracle (RHSA-2018:2256)NessusRed Hat Local Security Checks
medium
111326RHEL 6 : java-1.7.0-oracle (RHSA-2018:2255)NessusRed Hat Local Security Checks
medium
111325RHEL 7 : java-1.7.0-oracle (RHSA-2018:2254)NessusRed Hat Local Security Checks
medium
111324RHEL 7 : java-1.8.0-oracle (RHSA-2018:2253)NessusRed Hat Local Security Checks
medium
111259Scientific Linux Security Update : java-1.8.0-openjdk on SL7.x x86_64 (20180723)NessusScientific Linux Local Security Checks
medium
111258Scientific Linux Security Update : java-1.8.0-openjdk on SL6.x i386/x86_64 (20180723)NessusScientific Linux Local Security Checks
medium
111257RHEL 7 : java-1.8.0-openjdk (RHSA-2018:2242)NessusRed Hat Local Security Checks
medium
111256RHEL 6 : java-1.8.0-openjdk (RHSA-2018:2241)NessusRed Hat Local Security Checks
medium
111254Oracle Linux 7 : java-1.8.0-openjdk (ELSA-2018-2242)NessusOracle Linux Local Security Checks
medium
111253Oracle Linux 6 : java-1.8.0-openjdk (ELSA-2018-2241)NessusOracle Linux Local Security Checks
medium
111214Oracle JRockit R28.3.18 Multiple Vulnerabilities (July 2018 CPU)NessusWindows
medium
111163Oracle Java SE Multiple Vulnerabilities (July 2018 CPU)NessusWindows
medium
111162Oracle Java SE Multiple Vulnerabilities (July 2018 CPU) (Unix)NessusMisc.
medium