CVE-2018-2657

Published Jan 18, 2018

Last updated 3 years ago

CVSS medium 5.3

Overview

Description: Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u171 and 7u161; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, JRockit. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
Source: secalert_us@oracle.com
NVD status: Analyzed

Risk scores

CVSS 3.0

Type: Primary
Base score: 5.3
Impact score: 1.4
Exploitability score: 3.9
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:N/I:N/A:P

Weaknesses

nvd@nist.gov: NVD-CWE-noinfo

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update171:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CB929C7D-A5EE-4603-9414-E535408B41A1"
          },
          {
            "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update161:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4AA4AF8B-2E5E-4A5E-8930-B53A01A22C78"
          },
          {
            "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update171:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A86C2A04-A51C-403A-AAB5-81872453022D"
          },
          {
            "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update161:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "32F5FDBE-ED30-48A9-B130-A48309C7D2CD"
          },
          {
            "criteria": "cpe:2.3:a:oracle:jrockit:r28.3.16:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7283D6DD-DBFA-456F-9381-692B605B5625"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:redhat:satellite:5.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D4840254-CC76-4113-BC61-360BD15582B9"
          },
          {
            "criteria": "cpe:2.3:a:redhat:satellite:5.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "85EA16E0-9261-45C4-840F-5366E9EAC5E1"
          },
          {
            "criteria": "cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F4F86C3C-B99C-44C6-97D7-163DC3F59687"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:schneider-electric:struxureware_data_center_expert:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6CB56955-1A47-4F6C-A354-8BBAE7534504",
            "versionEndExcluding": "7.6.0"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:hp:xp_command_view:*:*:*:*:advanced:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F5B13AEB-7C8C-49EB-BD13-CBA12CA529BA",
            "versionStartIncluding": "8.6.2-01"
          },
          {
            "criteria": "cpe:2.3:a:hp:xp_p9000_command_view:*:*:*:*:advanced:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DA653F23-232D-4086-B9A4-4D809C87D9F1",
            "versionStartIncluding": "8.6.2-01"
          },
          {
            "criteria": "cpe:2.3:a:hp:xp7_command_view:*:*:*:*:advanced:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E92000F8-241D-4731-809F-C1D32F99AF9A",
            "versionStartIncluding": "8.6.2-01"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References