CVE-2018-3139

CWE-201 CWE-617 — Reachable Assertion13 documents8 sources

Severity

3.1LOW

EPSS

0.2%

top 59.33%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

HP XP7 Command View Oracle Corporation Java Canonical Ubuntu Linux +11 more

Timeline

PublishedOct 17

Latest updateMay 13

Description

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unau…

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 1.6 | Impact: 1.4

Affected Packages9 packages

▶CVEListV5oracle_corporation/javaJava SE Embedded: 8u181, Java SE: 6u201, 7u191, 8u181, 11+1

▶NVDoracle/jdk4 versions+3

▶NVDoracle/jre4 versions+3

▶NVDhp/xp7_command_view< 8.6.3-00

▶Debianopenjdk-11< 11.0.1+13-1

Also affects: Debian Linux 8.0, 9.0, Ubuntu Linux 14.04, 16.04, 18.04, 18.10, Enterprise Linux 7.6, 7.5

Patches

Patch: www.oracle.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

GHSA

GHSA-fv88-cxjq-vfmv: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking)↗2022-05-13

▶

OSV

openjdk-7 vulnerabilities↗2018-11-16

▶

OSV

openjdk-8, openjdk-lts vulnerabilities↗2018-10-30

▶

OSV

CVE-2018-3139: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking)↗2018-10-17

▶

CVEList

CVE-2018-3139: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking)↗2018-10-17

▶

📋Vendor Advisories

Ubuntu

OpenJDK 7 vulnerabilities↗2018-11-16

▶

Ubuntu

OpenJDK vulnerabilities↗2018-10-30

▶

Red Hat

OpenJDK: Leak of sensitive header data via HTTP redirect (Networking, 8196902)↗2018-10-16

▶

Red Hat

bind: Assertion failure in validator.c due to incorrect handling of DNSSEC validation↗2018-02-19

▶

Debian

CVE-2018-3139: openjdk-11 - Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subc...↗2018

▶

💬Community

Bugzilla

CVE-2018-3139 OpenJDK: Leak of sensitive header data via HTTP redirect (Networking, 8196902)↗2018-10-15

▶

Bugzilla

CVE-2018-5735 bind: Assertion failure in validator.c due to incorrect handling of DNSSEC validation↗2018-03-05

▶