Versio.io

CVE-2018-2815

Common vulnerabilities & exposures (CVE)

CVE databaseCVE database blogpostRelease & EoL database
 
Published at: - 19-04-2018 04:29
Last modified: - 13-05-2022 04:57
Total changes: - 2

Description

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

Common Vulnerability Scoring System (CVSS)

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Low
Attack complexity
Network
Attack vector
Low
Availability
None
Confidentiality
None
Integrity
None
Privileges required
Unchanged
Scope
None
User interaction
5.3
Base score
3.9
1.4
Exploitability score
Impact score
 

Verification logic

OR
OR
vendor=oracle AND product=jre AND version=1.10.0
vendor=oracle AND product=jdk AND version=1.10.0
vendor=oracle AND product=jdk AND version=1.8.0 AND update=update162
vendor=oracle AND product=jdk AND version=1.7.0 AND update=update171
vendor=oracle AND product=jdk AND version=1.6.0 AND update=update181
vendor=oracle AND product=jre AND version=1.6.0 AND update=update181
vendor=oracle AND product=jre AND version=1.8.0 AND update=update162
vendor=oracle AND product=jre AND version=1.7.0 AND update=update171
OR
vendor=oracle AND product=jrockit AND version=r28.3.17
OR
vendor=Red Hat Enterprise Linux AND product=enterprise_linux_desktop AND version=7.0
vendor=Red Hat Enterprise Linux AND product=enterprise_linux_workstation AND version=7.0
vendor=Red Hat Enterprise Linux AND product=enterprise_linux_server AND version=7.0
vendor=Red Hat Enterprise Linux AND product=enterprise_linux_desktop AND version=6.0
vendor=Red Hat Enterprise Linux AND product=enterprise_linux_server AND version=6.0
vendor=Red Hat Enterprise Linux AND product=enterprise_linux_workstation AND version=6.0
vendor=Red Hat Enterprise Linux AND product=enterprise_linux_server_eus AND version=7.5
vendor=Red Hat Enterprise Linux AND product=enterprise_linux_server_tus AND version=7.6
vendor=Red Hat Enterprise Linux AND product=enterprise_linux_server_eus AND version=7.6
vendor=Red Hat Enterprise Linux AND product=enterprise_linux_server_aus AND version=7.6
OR
vendor=Debian AND product=debian_linux AND version=8.0
vendor=Debian AND product=debian_linux AND version=9.0
OR
vendor=canonical AND product=ubuntu_linux AND version=16.04 AND software_edition=lts
vendor=canonical AND product=ubuntu_linux AND version=14.04 AND software_edition=lts
vendor=canonical AND product=ubuntu_linux AND version=17.10
OR
vendor=schneider-electric AND product=struxureware_data_center_expert AND versionEndExcluding=7.6.0
OR
vendor=hp AND product=xp7_command_view AND version=- AND software_edition=advanced
 

Reference

 


Keywords

NVD

 

CVE-2018-2815

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures

 

We use cookies to ensure that we give you the best experience on our website. Read privacy policies for more information.