CVE-2018-2657

7 documents, 6 sources

Severity: 5.3 MEDIUM
EPSS: 1.0% (top 22.99%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Jan 18
Latest update: May 13

Description

Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u171 and 7u161; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, JRockit. Note: This vulnerability can

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Exploitability: 3.9 | Impact: 1.4

Affected Packages (12 packages)

CVEListV5 | oracle_corporation/java | 7u161; JRockit: R28.3.16, Java SE: 6u171 +1
NVD | oracle/jrockit | r28.3.16
NVD | oracle/jdk | 1.6.0, 1.7.0 +1
NVD | oracle/jre | 1.6.0, 1.7.0 +1

Also affects: Enterprise Linux 7.5

Patches

🔴 Vulnerability Details (2)

GHSA | GHSA-qq7j-frwj-qh26: Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Serialization) | 2022-05-13
CVEList | CVE-2018-2657: Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Serialization) | 2018-01-18

📋 Vendor Advisories (2)

Red Hat | JDK: unspecified vulnerability fixed in 6u181 and 7u171 (Serialization) | 2018-01-16
Debian | CVE-2018-2657: openjdk-8 - Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent:... | 2018

💬 Community (2)

Bugzilla | CVE-2018-19839 libsass: Heap-based buffer over-read in the handle_error function resulting in a denial of service | 2019-01-31
Bugzilla | CVE-2018-2657 Oracle JDK: unspecified vulnerability fixed in 6u181 and 7u171 (Serialization) | 2018-01-17