CVE-2018-3180 - Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: J

CVE-2018-3180

Summary

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SSL/TLS to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L).

References

Vulnerable Configurations

cpe:2.3:a:oracle:jdk:11.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:11.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:11.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:11.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.8.0:update182:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.8.0:update182:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update191:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update191:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update201:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update201:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update201:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update201:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update191:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update191:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.8.0:update182:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.8.0:update182:*:*:*:*:*:*
cpe:2.3:a:oracle:jrockit:r28.3.19:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jrockit:r28.3.19:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:satellite:5.7:*:*:*:*:*:*:*
cpe:2.3:a:redhat:satellite:5.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
cpe:2.3:a:redhat:satellite:5.6:*:*:*:*:*:*:*
cpe:2.3:a:redhat:satellite:5.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*
cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*
cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
cpe:2.3:a:hp:xp7_command_view:-:*:*:*:advanced:*:*:*
cpe:2.3:a:hp:xp7_command_view:-:*:*:*:advanced:*:*:*
cpe:2.3:a:hp:xp7_command_view:8.4.0:*:*:*:advanced:*:*:*
cpe:2.3:a:hp:xp7_command_view:8.4.0:*:*:*:advanced:*:*:*
cpe:2.3:a:hp:xp7_command_view:8.4.1:*:*:*:advanced:*:*:*
cpe:2.3:a:hp:xp7_command_view:8.4.1:*:*:*:advanced:*:*:*
cpe:2.3:a:hp:xp7_command_view:8.6.2-01:*:*:*:advanced:*:*:*
cpe:2.3:a:hp:xp7_command_view:8.6.2-01:*:*:*:advanced:*:*:*

CVSS

Base:	6.8 (as of 27-06-2022 - 17:33)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:P

redhat via4

advisories

rhsa
id RHSA-2018:2942
rhsa
id RHSA-2018:2943
rhsa
id RHSA-2018:3000
rhsa
id RHSA-2018:3001
rhsa
id RHSA-2018:3002
rhsa
id RHSA-2018:3003
rhsa
id RHSA-2018:3007
rhsa
id RHSA-2018:3008
rhsa
id RHSA-2018:3350
rhsa
id RHSA-2018:3409
rhsa
id RHSA-2018:3521
rhsa
id RHSA-2018:3533
rhsa
id RHSA-2018:3534
rhsa
id RHSA-2018:3671
rhsa
id RHSA-2018:3672
rhsa
id RHSA-2018:3779
rhsa
id RHSA-2018:3852

rpms

java-1.8.0-openjdk-1:1.8.0.191.b12-0.el7_5
java-1.8.0-openjdk-accessibility-1:1.8.0.191.b12-0.el7_5
java-1.8.0-openjdk-accessibility-debug-1:1.8.0.191.b12-0.el7_5
java-1.8.0-openjdk-debug-1:1.8.0.191.b12-0.el7_5
java-1.8.0-openjdk-debuginfo-1:1.8.0.191.b12-0.el7_5
java-1.8.0-openjdk-demo-1:1.8.0.191.b12-0.el7_5
java-1.8.0-openjdk-demo-debug-1:1.8.0.191.b12-0.el7_5
java-1.8.0-openjdk-devel-1:1.8.0.191.b12-0.el7_5
java-1.8.0-openjdk-devel-debug-1:1.8.0.191.b12-0.el7_5
java-1.8.0-openjdk-headless-1:1.8.0.191.b12-0.el7_5
java-1.8.0-openjdk-headless-debug-1:1.8.0.191.b12-0.el7_5
java-1.8.0-openjdk-javadoc-1:1.8.0.191.b12-0.el7_5
java-1.8.0-openjdk-javadoc-debug-1:1.8.0.191.b12-0.el7_5
java-1.8.0-openjdk-javadoc-zip-1:1.8.0.191.b12-0.el7_5
java-1.8.0-openjdk-javadoc-zip-debug-1:1.8.0.191.b12-0.el7_5
java-1.8.0-openjdk-src-1:1.8.0.191.b12-0.el7_5
java-1.8.0-openjdk-src-debug-1:1.8.0.191.b12-0.el7_5
java-1.8.0-openjdk-1:1.8.0.191.b12-0.el6_10
java-1.8.0-openjdk-debug-1:1.8.0.191.b12-0.el6_10
java-1.8.0-openjdk-debuginfo-1:1.8.0.191.b12-0.el6_10
java-1.8.0-openjdk-demo-1:1.8.0.191.b12-0.el6_10
java-1.8.0-openjdk-demo-debug-1:1.8.0.191.b12-0.el6_10
java-1.8.0-openjdk-devel-1:1.8.0.191.b12-0.el6_10
java-1.8.0-openjdk-devel-debug-1:1.8.0.191.b12-0.el6_10
java-1.8.0-openjdk-headless-1:1.8.0.191.b12-0.el6_10
java-1.8.0-openjdk-headless-debug-1:1.8.0.191.b12-0.el6_10
java-1.8.0-openjdk-javadoc-1:1.8.0.191.b12-0.el6_10
java-1.8.0-openjdk-javadoc-debug-1:1.8.0.191.b12-0.el6_10
java-1.8.0-openjdk-src-1:1.8.0.191.b12-0.el6_10
java-1.8.0-openjdk-src-debug-1:1.8.0.191.b12-0.el6_10
java-1.7.0-oracle-1:1.7.0.201-1jpp.1.el6
java-1.7.0-oracle-devel-1:1.7.0.201-1jpp.1.el6
java-1.7.0-oracle-javafx-1:1.7.0.201-1jpp.1.el6
java-1.7.0-oracle-jdbc-1:1.7.0.201-1jpp.1.el6
java-1.7.0-oracle-plugin-1:1.7.0.201-1jpp.1.el6
java-1.7.0-oracle-src-1:1.7.0.201-1jpp.1.el6
java-1.7.0-oracle-1:1.7.0.201-1jpp.1.el7
java-1.7.0-oracle-devel-1:1.7.0.201-1jpp.1.el7
java-1.7.0-oracle-javafx-1:1.7.0.201-1jpp.1.el7
java-1.7.0-oracle-jdbc-1:1.7.0.201-1jpp.1.el7
java-1.7.0-oracle-plugin-1:1.7.0.201-1jpp.1.el7
java-1.7.0-oracle-src-1:1.7.0.201-1jpp.1.el7
java-1.8.0-oracle-1:1.8.0.191-1jpp.1.el7
java-1.8.0-oracle-devel-1:1.8.0.191-1jpp.1.el7
java-1.8.0-oracle-javafx-1:1.8.0.191-1jpp.1.el7
java-1.8.0-oracle-jdbc-1:1.8.0.191-1jpp.1.el7
java-1.8.0-oracle-plugin-1:1.8.0.191-1jpp.1.el7
java-1.8.0-oracle-src-1:1.8.0.191-1jpp.1.el7
java-1.8.0-oracle-1:1.8.0.191-1jpp.1.el6
java-1.8.0-oracle-devel-1:1.8.0.191-1jpp.1.el6
java-1.8.0-oracle-javafx-1:1.8.0.191-1jpp.1.el6
java-1.8.0-oracle-jdbc-1:1.8.0.191-1jpp.1.el6
java-1.8.0-oracle-plugin-1:1.8.0.191-1jpp.1.el6
java-1.8.0-oracle-src-1:1.8.0.191-1jpp.1.el6
java-1.6.0-sun-1:1.6.0.211-1jpp.1.el7
java-1.6.0-sun-demo-1:1.6.0.211-1jpp.1.el7
java-1.6.0-sun-devel-1:1.6.0.211-1jpp.1.el7
java-1.6.0-sun-jdbc-1:1.6.0.211-1jpp.1.el7
java-1.6.0-sun-plugin-1:1.6.0.211-1jpp.1.el7
java-1.6.0-sun-src-1:1.6.0.211-1jpp.1.el7
java-1.6.0-sun-1:1.6.0.211-1jpp.1.el6
java-1.6.0-sun-demo-1:1.6.0.211-1jpp.1.el6
java-1.6.0-sun-devel-1:1.6.0.211-1jpp.1.el6
java-1.6.0-sun-jdbc-1:1.6.0.211-1jpp.1.el6
java-1.6.0-sun-plugin-1:1.6.0.211-1jpp.1.el6
java-1.6.0-sun-src-1:1.6.0.211-1jpp.1.el6
java-1.7.0-openjdk-1:1.7.0.201-2.6.16.1.el7_6
java-1.7.0-openjdk-accessibility-1:1.7.0.201-2.6.16.1.el7_6
java-1.7.0-openjdk-debuginfo-1:1.7.0.201-2.6.16.1.el7_6
java-1.7.0-openjdk-demo-1:1.7.0.201-2.6.16.1.el7_6
java-1.7.0-openjdk-devel-1:1.7.0.201-2.6.16.1.el7_6
java-1.7.0-openjdk-headless-1:1.7.0.201-2.6.16.1.el7_6
java-1.7.0-openjdk-javadoc-1:1.7.0.201-2.6.16.1.el7_6
java-1.7.0-openjdk-src-1:1.7.0.201-2.6.16.1.el7_6
java-1.7.0-openjdk-1:1.7.0.201-2.6.16.0.el6_10
java-1.7.0-openjdk-debuginfo-1:1.7.0.201-2.6.16.0.el6_10
java-1.7.0-openjdk-demo-1:1.7.0.201-2.6.16.0.el6_10
java-1.7.0-openjdk-devel-1:1.7.0.201-2.6.16.0.el6_10
java-1.7.0-openjdk-javadoc-1:1.7.0.201-2.6.16.0.el6_10
java-1.7.0-openjdk-src-1:1.7.0.201-2.6.16.0.el6_10
java-11-openjdk-1:11.0.1.13-3.el7_6
java-11-openjdk-debug-1:11.0.1.13-3.el7_6
java-11-openjdk-debuginfo-1:11.0.1.13-3.el7_6
java-11-openjdk-demo-1:11.0.1.13-3.el7_6
java-11-openjdk-demo-debug-1:11.0.1.13-3.el7_6
java-11-openjdk-devel-1:11.0.1.13-3.el7_6
java-11-openjdk-devel-debug-1:11.0.1.13-3.el7_6
java-11-openjdk-headless-1:11.0.1.13-3.el7_6
java-11-openjdk-headless-debug-1:11.0.1.13-3.el7_6
java-11-openjdk-javadoc-1:11.0.1.13-3.el7_6
java-11-openjdk-javadoc-debug-1:11.0.1.13-3.el7_6
java-11-openjdk-javadoc-zip-1:11.0.1.13-3.el7_6
java-11-openjdk-javadoc-zip-debug-1:11.0.1.13-3.el7_6
java-11-openjdk-jmods-1:11.0.1.13-3.el7_6
java-11-openjdk-jmods-debug-1:11.0.1.13-3.el7_6
java-11-openjdk-src-1:11.0.1.13-3.el7_6
java-11-openjdk-src-debug-1:11.0.1.13-3.el7_6
java-1.8.0-ibm-1:1.8.0.5.25-1jpp.1.el6_10
java-1.8.0-ibm-demo-1:1.8.0.5.25-1jpp.1.el6_10
java-1.8.0-ibm-devel-1:1.8.0.5.25-1jpp.1.el6_10
java-1.8.0-ibm-jdbc-1:1.8.0.5.25-1jpp.1.el6_10
java-1.8.0-ibm-plugin-1:1.8.0.5.25-1jpp.1.el6_10
java-1.8.0-ibm-src-1:1.8.0.5.25-1jpp.1.el6_10
java-1.8.0-ibm-1:1.8.0.5.25-1jpp.1.el7
java-1.8.0-ibm-demo-1:1.8.0.5.25-1jpp.1.el7
java-1.8.0-ibm-devel-1:1.8.0.5.25-1jpp.1.el7
java-1.8.0-ibm-jdbc-1:1.8.0.5.25-1jpp.1.el7
java-1.8.0-ibm-plugin-1:1.8.0.5.25-1jpp.1.el7
java-1.8.0-ibm-src-1:1.8.0.5.25-1jpp.1.el7
java-1.7.1-ibm-1:1.7.1.4.35-1jpp.1.el6_10
java-1.7.1-ibm-demo-1:1.7.1.4.35-1jpp.1.el6_10
java-1.7.1-ibm-devel-1:1.7.1.4.35-1jpp.1.el6_10
java-1.7.1-ibm-jdbc-1:1.7.1.4.35-1jpp.1.el6_10
java-1.7.1-ibm-plugin-1:1.7.1.4.35-1jpp.1.el6_10
java-1.7.1-ibm-src-1:1.7.1.4.35-1jpp.1.el6_10
java-1.7.1-ibm-1:1.7.1.4.35-1jpp.1.el7
java-1.7.1-ibm-demo-1:1.7.1.4.35-1jpp.1.el7
java-1.7.1-ibm-devel-1:1.7.1.4.35-1jpp.1.el7
java-1.7.1-ibm-jdbc-1:1.7.1.4.35-1jpp.1.el7
java-1.7.1-ibm-plugin-1:1.7.1.4.35-1jpp.1.el7
java-1.7.1-ibm-src-1:1.7.1.4.35-1jpp.1.el7
java-1.7.1-ibm-1:1.7.1.4.35-1jpp.1.el6_10
java-1.7.1-ibm-devel-1:1.7.1.4.35-1jpp.1.el6_10
java-1.8.0-ibm-1:1.8.0.5.25-1jpp.1.el6_10
java-1.8.0-ibm-devel-1:1.8.0.5.25-1jpp.1.el6_10

refmap via4

bid	105617
confirm	http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html https://security.netapp.com/advisory/ntap-20181018-0001/ https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03952en_us
debian	DSA-4326
gentoo	GLSA-201908-10
mlist	[debian-lts-announce] 20181122 [SECURITY] [DLA 1590-1] openjdk-7 security update
sectrack	1041889
ubuntu	USN-3804-1 USN-3824-1

Last major update

27-06-2022 - 17:33

Published

17-10-2018 - 01:31

Last modified

27-06-2022 - 17:33